Vulnerability Description
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belden | Hirschmann Bat-C2 Firmware | < 09.13.00r04 |
| Belden | Hirschmann Bat-C2 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-CExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Nov/19ExploitThird Party Advisory
- https://www.belden.com/support/security-assuranceBroken Link
- http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-CExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Nov/19ExploitThird Party Advisory
- https://www.belden.com/support/security-assuranceBroken Link
FAQ
What is CVE-2022-40282?
CVE-2022-40282 is a vulnerability with a CVSS score of 8.8 (HIGH). The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir para...
How severe is CVE-2022-40282?
CVE-2022-40282 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40282?
Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Bat-C2 Firmware, Belden Hirschmann Bat-C2.