PT-2023-15526 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Andrea Palanca · Published 2023-01-16 · Updated 2023-01-26 · CVE-2022-47911
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sewio’s Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2
Description
The backup services of the software do not properly validate the input module name. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
Recommendations
For versions 2.0.0 through 2.6.2, consider restricting access to the backup services of the software to minimize the risk of exploitation. As a temporary workaround, tighten validation of the input module name to prevent remote attackers from accessing sensitive functions of the application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
OS Command Injection
Affected Products
Sewio's Real-Time Location System (RTLS) Studio