CVE-2023-46359

CVSS 9.8 CRITICALEPSS 80.9%CWE-78

Vexday Risk Score

65High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 80.9%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

06 Feb 2024Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://hardy.com https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/