CVE-2023-33374

Name of the Vulnerable Software and Affected Versions Connected IO versions 2.1.0 and prior

Description The issue allows attackers to execute arbitrary OS commands on devices, resulting in arbitrary remote command execution. This is due to a command in the communication protocol that enables the management platform to specify OS commands for devices to execute.

Recommendations For versions 2.1.0 and prior, consider disabling the vulnerable command in the communication protocol as a temporary workaround until a patch is available. Restrict access to the management platform to minimize the risk of exploitation. Avoid using the affected communication protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.