Command injection in SenNet Data Logger - CVE-2017-6048

 


Published: May 16, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU6550
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-6048
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Satel Iberia
Affected software: SenNet Data Logger

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on a targeted system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can break out of the jailed shell, gain elevated privileges and execute arbitrary commands on the system.

Successful exploitation of the vulnerability may result in full system compromise.



How to mitigate CVE-2017-6048

Install the update from the vendor's website.
