N/A

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Siemens SCALANCE LPE9403 操作系统命令注入漏洞

Siemens SCALANCE LPE9403是德国西门子（Siemens）公司的一款用于工业现场数据处理的本地处理引擎。用于捕获、收集和预处理工业现场数据。 Siemens SCALANCE LPE9403 6GK5998-3GS00-2AC2 V4.0及之前版本存在操作系统命令注入漏洞，该漏洞源于解释用户控制的日志路径时未正确中和特殊字符，可能导致执行有限集的二进制文件。

N/A

N/A