Home / exploitsPDF  

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root

Posted on 30 May 2022

Schneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.

 

TOP