ByteOS Network

Eluktronics

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-7884

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.01% / 0.42%

7 Day CHG~0.00%

Published-20 Jul, 2025 | 11:02

Updated-22 Jul, 2025 | 13:06

Eluktronics Control Center REG File data authenticity

A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Eluktronics

Product-Control Center

CWE ID-CWE-345

Insufficient Verification of Data Authenticity

CVE-2025-7883

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-8.5||HIGH

EPSS-0.10% / 27.49%

7 Day CHG~0.00%

Published-20 Jul, 2025 | 10:44

Updated-22 Jul, 2025 | 13:06

Eluktronics Control Center Powershell Script Command command injection

A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to command injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-Eluktronics

Product-Control Center

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')