Exploit for SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution (CVE-2022-34753)

Description:

SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. When the command is compromised, remote root exploitation becomes possible, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering the necessary credentials.

Nuclei Template

View the template here CVE-2022-34753.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-34753.yaml

References:

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf
https://nvd.nist.gov/vuln/detail/CVE-2022-34753
http://packetstormsecurity.com/files/167783/Schneider-Electric-SpaceLogic-C-Bus-Home-Controller-5200WHC2-Remote-Root.html
https://www.zeroscience.mk/codes/SpaceLogic.txt
https://github.com/nomi-sec/PoC-in-GitHub