CVE-2022-40282
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
Public Exploits: 2
Exploited in Wild: -
Descriptions
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.
Timeline
- 2022-09-08 CVE Reserved
- 2022-11-25 CVE Published
- 2024-07-16 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (3)
URL | Tag | Source |
---|---|---|
https://www.belden.com/support/security-assurance | Broken Link |
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html | 2024-08-03 | |
http://seclists.org/fulldisclosure/2022/Nov/19 | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Belden | Hirschmann Bat-c2 Firmware | < 09.13.00r04 | - | Affected |
(in) Belden | Hirschmann Bat-c2 | - | - | Safe |