Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint. Attackers can trigger execution by activating the associated irrigation station, exploiting the absence of passphrase protection or the default passphrase 'opendoor', to achieve arbitrary command execution on the underlying host.
References
| Link | Resource |
|---|---|
| https://www.vulncheck.com/advisories/sustainable-irrigation-platform-rce-via-cli-control-plugin-command-injection | Third Party Advisory |
| https://www.zeroscience.mk/#/advisories/ZSL-2026-5999 | Exploit Third Party Advisory |
Configurations
History
14 Jul 2026, 18:45
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:* | |
| First Time |
Dan-in-ca
Dan-in-ca sustainable Irrigation Platform |
|
| References | () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-rce-via-cli-control-plugin-command-injection - Third Party Advisory | |
| References | () https://www.zeroscience.mk/#/advisories/ZSL-2026-5999 - Exploit, Third Party Advisory |
14 Jul 2026, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-14 15:17
Updated : 2026-07-14 23:17
NVD link : CVE-2026-58479
Mitre link : CVE-2026-58479
CVE.ORG link : CVE-2026-58479
JSON object : View
Products Affected
dan-in-ca
- sustainable_irrigation_platform
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
