CVE-2022-1292

HIGH

Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection

Title source: rule

Exploitation Summary

EIP tracks 6 public exploits for CVE-2022-1292. PoCs published by alcaparra, und3sc0n0c1d0, greek0x0.

AI-analyzed exploit summary This PoC demonstrates a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters in filenames. An attacker can execute arbitrary commands by crafting a malicious filename in the /etc/ssl/certs/ directory, which is processed by the script.

Description

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Exploits (6)

nomisec WORKING POC 28 stars

by alcaparra · poc

https://github.com/alcaparra/CVE-2022-1292

View Code ZIP pw:eip

This PoC demonstrates a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters in filenames. An attacker can execute arbitrary commands by crafting a malicious filename in the /etc/ssl/certs/ directory, which is processed by the script.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OpenSSL c_rehash script (versions prior to fix)

No auth needed

Prerequisites: Ability to write files to /etc/ssl/certs/ or other configured certificate directories · Execution of update-ca-certificates or c_rehash script

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 6 stars

by und3sc0n0c1d0 · poc

https://github.com/und3sc0n0c1d0/CVE-2022-1292

View Code ZIP pw:eip

This PoC exploits CVE-2022-1292, a command injection vulnerability in the c_rehash script. It includes functionality to check for vulnerability, execute arbitrary commands, and establish a reverse shell via crafted certificate filenames.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OpenSSL c_rehash script (versions affected by CVE-2022-1292)

No auth needed

Prerequisites: Presence of vulnerable c_rehash script · Ability to write files in the target directory

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 6 stars

by greek0x0 · poc

https://github.com/greek0x0/CVE-2022-1292

View Code ZIP pw:eip

This repository provides a proof-of-concept for CVE-2022-1292, a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters in filenames. The PoC demonstrates how an attacker can execute arbitrary commands by crafting a malicious filename in the /etc/ssl/certs/ directory.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: c_rehash script (OpenSSL)

No auth needed

Prerequisites: Ability to write files to /etc/ssl/certs/ or other paths configured in update-ca-certificates

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 5 stars

by rama291041610 · poc

https://github.com/rama291041610/CVE-2022-1292

View Code ZIP pw:eip

This PoC demonstrates a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters. It creates a maliciously named certificate file to trigger arbitrary command execution when the script processes it.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OpenSSL c_rehash script (versions 3.0.0-3.0.2, 1.1.1-1.1.1n, 1.0.2-1.0.2zd)

No auth needed

Prerequisites: OpenSSL with vulnerable c_rehash script installed · Ability to create files in a directory processed by c_rehash

MITRE ATT&CK

T1059.004 - Unix Shell T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec SCANNER 4 stars

by li8u99 · poc

https://github.com/li8u99/CVE-2022-1292

View Code ZIP pw:eip

This repository contains a simple bash script to check for the presence of CVE-2022-1292, a vulnerability in OpenSSL's c_rehash script. The script verifies if the system is vulnerable by checking for a specific command pattern in the c_rehash script.

Classification

Scanner 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: OpenSSL c_rehash script

No auth needed

Prerequisites: Access to the system where c_rehash is installed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

gitlab WRITEUP

by fraf0 · poc

https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2022-1292, focusing on the CVSS scoring and attack vector. It argues that the attack vector should be 'Local' rather than 'Network' and outlines realistic exploitation scenarios.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: OpenSSL c_rehash script (versions 3.0.0-3.0.2, 1.1.1-1.1.1n, 1.0.2-1.0.2zd)

Auth required

Prerequisites: Ability to create a malicious certificate file in a directory processed by c_rehash · Trick an administrator into running c_rehash with root privileges

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 23, 2026 Full analysis →