Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.
| Vendor | Product | Versions |
|---|---|---|
| sma solar technology | appliance management | 12.4.3-03245, 12.5.0-02283 |
Updated severity to CRITICAL and marked the vulnerability as actively exploited.
Updated to indicate that the vulnerability is actively exploited, added new affected versions, and provided specific indicators of compromise.
Updated affected versions, changed severity to CRITICAL, marked as actively exploited, and noted that exploits are available.
Initial creation