Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.
References
Configurations
No configuration.
History
30 Jun 2026, 23:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 23:17
Updated : 2026-06-30 23:17
NVD link : CVE-2026-56413
Mitre link : CVE-2026-56413
CVE.ORG link : CVE-2026-56413
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
