PT-2025-34327 · Danfoss · Ak-Sm8Xxa
Published: 2025-08-22 · Updated: 2025-08-24
CVE-2025-41451
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions:
Danfoss AK-SM8xxA Series versions prior to 4.3.1
Description:
The software improperly neutralizes the alarm-to-mail configuration fields before using them in an OS shell command ('Command Injection'), potentially leading to post-authenticated remote code execution on an attacked system. The vulnerability resides in the handling of the configuration fields used for the alarm-to-mail functionality. A command injection occurs when an attacker can insert arbitrary commands into a system's shell through manipulated input.
Recommendations:
Update Danfoss AK-SM8xxA Series to version 4.3.1 or later.
Fix
RCE
Command Injection
Affected Products
Ak-Sm8Xxa