PT-2023-14223 · Sewio · Sewio'S Real-Time Location System (Rtls) Studio
Andrea Palanca
·
Published
2023-01-16
·
Updated
2023-01-25
·
CVE-2022-43483
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sewio’s Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2
Description
The issue is related to improper validation of the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
Recommendations
For versions 2.0.0 through 2.6.2, update to a version that properly validates input module names to prevent remote attackers from accessing sensitive functions and executing arbitrary system commands.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sewio'S Real-Time Location System (Rtls) Studio