PT-2022-3473 · Bosch · Bosch Pra-Es8P2S
Published: 2022-06-07 · Updated: 2023-06-29 · CVE-2022-32534
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Bosch PRA-ES8P2S versions 1.01.05 and earlier
Description
Insufficient input validation in the diagnostics web interface of the Bosch PRA-ES8P2S Ethernet switch allows a remote attacker to execute arbitrary operating system (shell) commands by sending specially crafted data to that interface.
Recommendations
For versions 1.01.05 and earlier, consider disabling the diagnostics web interface as a temporary workaround until a patch is available. Restrict access to the web interface to minimize the risk of exploitation.
Fix
OS Command Injection
RCE
Related Identifiers
Affected Products
Bosch Pra-Es8P2S