Details of VAR-202211-1777

ID

VAR-202211-1777

CVE

CVE-2022-40282

TITLE

Hirschmann BAT-C2 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-85507 // CNNVD: CNNVD-202211-3473

DESCRIPTION

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. Hirschmann BAT-C2 is a wireless access point of German Hirschmann company. There is a command injection vulnerability in belden Hirschmann BAT-C2 versions before 09.13.01.00R04. Attackers can use the vulnerability to launch command injection attacks

Trust: 1.53

sources: NVD: CVE-2022-40282 // CNVD: CNVD-2022-85507 // VULMON: CVE-2022-40282

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-85507

AFFECTED PRODUCTS

vendor:	belden	model:	hirschmann bat-c2	scope:	lt	version:	09.13.00r04	Trust: 1.0
vendor:	hirschmann	model:	bat-c2 <09.13.01.00r04	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-85507 // NVD: CVE-2022-40282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-40282
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-85507
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202211-3473
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-85507
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-40282
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-85507 // CNNVD: CNNVD-202211-3473 // NVD: CVE-2022-40282

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2022-40282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3473

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-3473

PATCH

title:	Patch for Hirschmann BAT-C2 Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/365176	Trust: 0.6
title:	Hirschmann BAT-C2 Fixes for command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215924	Trust: 0.6

sources: CNVD: CNVD-2022-85507 // CNNVD: CNNVD-202211-3473

EXTERNAL IDS

db:	NVD	id:	CVE-2022-40282	Trust: 2.3
db:	PACKETSTORM	id:	170063	Trust: 1.6
db:	CNVD	id:	CNVD-2022-85507	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022120004	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3473	Trust: 0.6
db:	VULMON	id:	CVE-2022-40282	Trust: 0.1

sources: CNVD: CNVD-2022-85507 // VULMON: CVE-2022-40282 // CNNVD: CNNVD-202211-3473 // NVD: CVE-2022-40282

REFERENCES

url:	https://www.belden.com/support/security-assurance	Trust: 2.3
url:	http://packetstormsecurity.com/files/170063/hirschmann-belden-bat-c2-8.8.1.0r8-command-injection.html	Trust: 2.2
url:	http://seclists.org/fulldisclosure/2022/nov/19	Trust: 1.6
url:	https://cxsecurity.com/issue/wlb-2022120004	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-40282/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-85507 // VULMON: CVE-2022-40282 // CNNVD: CNNVD-202211-3473 // NVD: CVE-2022-40282

CREDITS

T. Weber

Trust: 0.6

sources: CNNVD: CNNVD-202211-3473

SOURCES

db:	CNVD	id:	CNVD-2022-85507
db:	VULMON	id:	CVE-2022-40282
db:	CNNVD	id:	CNNVD-202211-3473
db:	NVD	id:	CVE-2022-40282

LAST UPDATE DATE

2024-08-14T13:21:26.458000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-85507	date:	2022-12-07T00:00:00
db:	VULMON	id:	CVE-2022-40282	date:	2022-11-25T00:00:00
db:	CNNVD	id:	CNNVD-202211-3473	date:	2022-12-02T00:00:00
db:	NVD	id:	CVE-2022-40282	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-85507	date:	2022-12-06T00:00:00
db:	VULMON	id:	CVE-2022-40282	date:	2022-11-25T00:00:00
db:	CNNVD	id:	CNNVD-202211-3473	date:	2022-11-25T00:00:00
db:	NVD	id:	CVE-2022-40282	date:	2022-11-25T05:15:13.010