CVE-2017-6048

high-risk

Published 2017-05-19

A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.

Do I need to act?

45.6% chance of exploitation in next 30 days

EPSS score — higher than 54% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (3)

Sennet Multitask Meter

Sennet Optimal Datalogger

Sennet Solar Datalogger

Affected Vendors

Satel-Iberia

References (2)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 17/34 · Moderate

Exposure 9/34 · Low