CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile: 68.3%

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21.
Vendor | Product | Version | CPE |
---|---|---|---|
belden | hirschmann_bat-c2_firmware | * | cpe:2.3:o:belden:hirschmann_bat-c2_firmware:*:*:*:*:*:*:*:* |
belden | hirschmann_bat-c2 | - | cpe:2.3:h:belden:hirschmann_bat-c2:-:*:*:*:*:*:*:* |