Lucene search

[email protected]CVE-2022-40282

HistoryNov 25, 2022 - 5:15 a.m.

CVE-2022-40282

2022-11-2505:15:13

[email protected]

web.nvd.nist.gov

cve-2022-40282

hirschmann bat-c2

web server

command injection

authenticated

vulnerability

bsecv-2022-21

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21.

Affected configurations

NVD

Node

beldenhirschmann_bat-c2_firmwareRange<09.13.00r04

AND

beldenhirschmann_bat-c2Match-

CPENameOperatorVersion
belden:hirschmann_bat-c2_firmwarebelden hirschmann bat-c2 firmwarelt09.13.00r04

CPE	Name	Operator	Version
belden:hirschmann_bat-c2_firmware	belden hirschmann bat-c2 firmware	lt	09.13.00r04

References

packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html

seclists.org/fulldisclosure/2022/Nov/19

www.belden.com/support/security-assurance

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for CVE-2022-40282

prion1 cvelist1 nvd1 packetstorm1 cnvd1