PT-2022-15499 · Distributed Data Systems · Webhmi
Antonio Cuomo · Published 2022-07-01 · Updated 2022-07-13 · CVE-2022-2253
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Distributed Data Systems WebHMI version 4.1.1.7662
Description
A user with administrative privileges may send OS commands that are then executed on the host server.
Recommendations
For Distributed Data Systems WebHMI version 4.1.1.7662, consider restricting administrative access to trusted users only until a fix is available. As a temporary workaround, monitor and limit the execution of OS commands on the host server to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Webhmi