CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-49959

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/start_update endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://code-white.com/public-vulnerability-list/
https://www.indu-sol.com/en/products/profinet/diagnostics/profinet-inspektorr-nt/
https://code-white.com/public-vulnerability-list/
https://www.indu-sol.com/en/products/profinet/diagnostics/profinet-inspektorr-nt/

Products affected by CVE-2023-49959

Indu-Sol » Profinet-Inspektor Nt » Version: Any

cpe:2.3:a:indu-sol:profinet-inspektor_nt:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49959

Products

Pricing

Contact Us