CVE-2023-46359 — AI Deep Analysis Summary

🚨 **Essence**: OS Command Injection in eCharge Hardy Barth Ladestation. <br>💥 **Consequences**: Remote attackers can execute **arbitrary commands** on the system via the connectivity check feature.…

🛠️ **Root Cause**: Improper neutralization of special elements used in an OS command (**OS Command Injection**).…

📦 **Affected Product**: eCharge Hardy Barth eCharge Ladestation. <br>📅 **Versions**: **v1.87.0 and earlier**. If you are running this version or older, you are vulnerable.

👑 **Privileges**: The commands execute with the privileges of the application process. <br>📂 **Data**: Potential full system access, data exfiltration, or lateral movement within the network.…

🔓 **Threshold**: **LOW**. <br>👤 **Auth**: **Unauthenticated**. No login required. <br>🌐 **Access**: Remote exploitation via the network. Anyone who can reach the charging station's IP can attack.

💻 **Public Exp?**: **YES**. <br>📜 **PoC**: Available via ProjectDiscovery Nuclei templates. <br>🌍 **Wild Exp**: Referenced in Offensity blog. High risk of automated scanning and exploitation in the wild.

🔍 **Self-Check**: Use vulnerability scanners like **Nuclei** with the specific CVE-2023-46359 template.…

🛡️ **Official Fix**: The vendor (Hardy Barth) is the source of the fix. <br>📥 **Action**: Check `hardy.com` for firmware updates. Upgrade to a version **newer than v1.87.0** to mitigate this issue.

🚧 **No Patch?**: <br>1️⃣ **Network Segmentation**: Isolate the charging station from critical networks. <br>2️⃣ **Firewall**: Restrict access to the device's management ports to trusted IPs only.…

🔥 **Urgency**: **HIGH**. <br>⚠️ **Reason**: Unauthenticated, remote, and leads to full command execution. <br>🚀 **Priority**: Patch immediately or isolate the device. Do not ignore this vulnerability.