Vulnerabilities > Apsystems > Energy Communication Unit Firmware > c1.2.5

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-28343 OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
network
low complexity
apsystems CWE-78
critical
 9.8
9.8