CVE Published: 18/01/2023 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: icscert |
Vendor: Sewio |
Product: RTLS Studio Status : PUBLISHED
CVE-2022-47911 Description
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
Metrics
CVSS Version: 3.1 |
Base Score: 9.1 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H