CVE-2022-34753 PoC — Schneider Electric SpaceLogic C-Bus Home Controller OS Command Injection Vulnerability

Source
Associated Vulnerability
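Title: Schneider Electric SpaceLogic C-Bus Home Controller OS Command Injection Vulnerability (CVE-2022-34753)
Description: Schneider Electric SpaceLogic C-Bus Home Controller is a powerful, fully integrated system from the French company Schneider Electric. It can control and automate lighting and many other electrical systems and products. Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) V1.31.460 and earlier contain an OS command injection vulnerability, which stems from improper neutralization of special elements used in an OS command. An attacker can exploit this vulnerability to escalate to root privileges.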
Description
A PoC exploit for CVE-2022-34753 - OS Command Injection in SpaceLogic C-Bus Home Controller
Readme
# CVE-2022-34753 - OS Command Injection in SpaceLogic C-Bus Home Controller

CVE-2022-34753 is a critical security vulnerability classified under CWE-78, indicating an "Improper Neutralization of Special Elements used in an OS Command" (commonly referred to as 'OS Command Injection'). This vulnerability poses a significant risk as it may lead to a remote root exploit if the affected command is compromised.

# Affected Products

This vulnerability affects the following product:

- Product Name: SpaceLogic C-Bus Home Controller (5200WHC2)
- Formerly Known As: C-Bus Wiser Home Controller MK2
- Version: V1.31.460 and prior

# Disclaimer

The PoC exploit provided is for educational and informational purposes only. The author is not responsible for any misuse or damage caused by the exploitation of this vulnerability.
File Snapshot

[4.0K] /data/pocs/38284b19a302ee3f681943c4eb7ded3d78988e62
├── [3.9K] CVE-2022-34753.py
└── [ 830] README.md

0 directories, 2 files