CVE-2023-28343

CRITICAL EXPLOITED NUCLEI

Apsystems Energy Communication Unit Firmware - OS Command Injection

Title source: rule

Description

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

Exploits (5)

exploitdb WORKING POC

by Ahmed Alroky · pythonwebappshardware

https://www.exploit-db.com/exploits/51325

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by superzerosec · remote

https://github.com/superzerosec/CVE-2023-28343

View Code ZIP pw:eip

nomisec SUSPICIOUS 6 stars

by gobysec · poc

https://github.com/gobysec/CVE-2023-28343

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/hba343434/CVE-2023-28343

View on vulncheck_xdb

vulncheck_xdb WORKING POC

remote

https://github.com/ahmedalroky/Disclosures

View Code ZIP pw:eip

Nuclei Templates (1)

Altenergy Power Control Software C1.2.5 - Remote Command Injection

CRITICALby pikpikcu

Shodan: title:"Altenergy Power Control Software" || http.title:"altenergy power control software"

FOFA: title="altenergy power control software"

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html

[Product] https://apsystems.com

[Exploit, Third Party Advisory] https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md

Scores

CVSS v3 9.8

EPSS 0.9422

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-04

CWE

CWE-78

Status published

Products (1)

apsystems/energy_communication_unit_firmware c1.2.5

Published Mar 14, 2023

Tracked Since Feb 18, 2026