Lucene search

[email protected]NVD:CVE-2023-28343

HistoryMar 14, 2023 - 8:15 p.m.

CVE-2023-28343

2023-03-1420:15:10

CWE-78

[email protected]

web.nvd.nist.gov

command injection

altenergy power control software

set_timezone

management_model.php

cve-2023-28343

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.949 High

EPSS

Percentile

99.3%

JSON

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

Affected configurations

NVD

Node

apsystemsenergy_communication_unit_firmwareMatchc1.2.5

AND

apsystemsenergy_communication_unitMatch-

References

packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html

apsystems.com

github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.949 High

EPSS

Percentile

99.3%

JSON

Related for NVD:CVE-2023-28343

cve1 ics1 prion1 nuclei1 githubexploit1 zdt1 packetstorm1 cvelist1 exploitdb1