CVE-2025-1036 | THREATINT

Description

Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.

PUBLISHED Reserved 2025-02-04 | Published 2025-10-28 | Updated 2025-10-28 | Assigner Hitachi Energy

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

8.7.0.0 (custom)

affected

References

publisher.hitachienergy.com/...DocumentPartId=&Action=Launch

cve.org (CVE-2025-1036)

nvd.nist.gov (CVE-2025-1036)

Download JSON