CVE-2022-28223

CVE-2022-28223

CVSS 9.1 CRITICALEPSS 1.0%

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://medium.com/%40bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38