CVE-2022-40282

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:belden:hirschmann_bat-c2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_bat-c2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:21

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html - Exploit, Third Party Advisory () http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html - Exploit, Third Party Advisory
References () http://seclists.org/fulldisclosure/2022/Nov/19 - Exploit, Third Party Advisory () http://seclists.org/fulldisclosure/2022/Nov/19 - Exploit, Third Party Advisory
References () https://www.belden.com/support/security-assurance - Broken Link () https://www.belden.com/support/security-assurance - Broken Link

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-77 NVD-CWE-Other

01 Dec 2022, 13:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:belden:hirschmann_bat-c2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_bat-c2:-:*:*:*:*:*:*:*
CWE CWE-77
References (MISC) https://www.belden.com/support/security-assurance - (MISC) https://www.belden.com/support/security-assurance - Broken Link
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Nov/19 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Nov/19 - Exploit, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html - (MISC) http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html - Exploit, Third Party Advisory

30 Nov 2022, 23:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html -

29 Nov 2022, 21:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Nov/19 -

25 Nov 2022, 13:59

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-25 05:15

Updated : 2024-11-21 07:21


NVD link : CVE-2022-40282

Mitre link : CVE-2022-40282

CVE.ORG link : CVE-2022-40282


JSON object : View

Products Affected

belden

  • hirschmann_bat-c2_firmware
  • hirschmann_bat-c2