CVE-2022-47911

CRITICAL

Sewio Real-Time Location System Studio 2.0.0-2.6.2 - OS Command Injection via Backup Service Module Name


Description

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.

References (1)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01

Scores

CVSS v3: 9.1
EPSS: 0.0124
EPSS Percentile: 65.3%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): sewio/real-time_location_system_studio 2.0.0 - 2.6.2
Published: Jan 18, 2023
Tracked Since: Feb 18, 2026