Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09. Honeywell also recommends updating to the most recent version of this product.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | en: CWE-78 |
| [email protected] | Primary | en: CWE-78 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| honeywell | mb-secure_firmware | * | | Operating System |
| honeywell | mb-secure_pro_firmware | * | | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:honeywell:mb-secure_firmware:*:*:*:*:*:*:*:* |
| No | cpe:2.3:h:honeywell:mb-secure:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:honeywell:mb-secure_pro_firmware:*:*:*:*:*:*:*:* |
| No | cpe:2.3:h:honeywell:mb-secure_pro:-:*:*:*:*:*:*:* |