CVE-2017-6048

HIGH

Satel-iberia Sennet Multitask Meter < 5.21a-1.18b - Command Injection

Title source: rule

Description

A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/telnet/satel_cmd_exec.rb

View Code ZIP pw:eip

References (1)

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02

Scores

CVSS v3 8.8

EPSS 0.4562

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (4)

n/a/Satel Iberia SenNet Data Logger and Electricity Meters Satel Iberia SenNet Data Logger and Electricity Meters

satel-iberia/sennet_multitask_meter < 5.21a-1.18b

satel-iberia/sennet_optimal_datalogger < 5.37c-1.43c

satel-iberia/sennet_solar_datalogger < 5.03-1.56a

Published May 19, 2017

Tracked Since Feb 18, 2026