Danfoss AK-SM800A Series Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in Danfoss AK-SM800A Series versions prior to 4.3.1. It arises from improper neutralization of the alarm-to-mail configuration fields, which can be exploited to execute arbitrary commands on the system, potentially leading to post-authentication remote code execution.
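As an added illustration (not Danfoss code and not taken from the advisory), the sketch below shows what neutralizing alarm-to-mail fields means in practice: allowlist validation followed by building an argument vector, so that no shell parses the values. The field names, the helper path and its options are hypothetical, and the sample inputs are constructed.

```python
import re

# Field names are hypothetical; the advisory does not list the real ones.
_HOST = r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?"
RULES = {
    "smtp_host": re.compile(_HOST),
    "recipient": re.compile(r"[A-Za-z0-9._%+-]{1,64}@" + _HOST),
    "subject": re.compile(r"[A-Za-z0-9 .,:()#/_-]{1,120}"),
}


def rejected_fields(cfg):
    """Return the sorted names of fields that fail the allowlist."""
    bad = []
    for name, rule in RULES.items():
        value = cfg.get(name, "")
        # fullmatch() is deliberate: a '$'-anchored match() accepts a trailing
        # newline. A leading '-' is refused so a value cannot act as an option.
        if (not isinstance(value, str) or value.startswith("-")
                or not rule.fullmatch(value)):
            bad.append(name)
    return sorted(bad)


def mail_argv(cfg, sender_bin="/usr/bin/send-alarm-mail"):
    """Build argv for a hypothetical mail helper (path and options assumed).

    Each value is a single argv element; run it with subprocess.run(argv),
    whose default shell=False means metacharacters are never interpreted.
    """
    bad = rejected_fields(cfg)
    if bad:
        raise ValueError("rejected alarm-to-mail fields: " + ", ".join(bad))
    return [sender_bin, "--host", cfg["smtp_host"],
            "--to", cfg["recipient"], "--subject", cfg["subject"]]


# Constructed sample inputs.
GOOD = {"smtp_host": "mail.example.com", "recipient": "ops@example.com",
        "subject": "Alarm: Case 12 high temp"}
BAD = {"smtp_host": "mail.example.com", "recipient": "ops@example.com;x",
       "subject": "Alarm\nX-Injected: 1"}
```

Validation rejects the value outright rather than trying to escape it, which keeps the stored configuration free of characters that a later code path might hand to a shell.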

Impact

Exploitation of this vulnerability could allow for post-authenticated remote code execution on the affected system.

Remediation

Users can upgrade to the latest AK-SM 800A software package version 4.3.1 to address this vulnerability. This version includes important cybersecurity enhancements. For systems already configured for HTTPS, the remote update will be straightforward. However, for those still using HTTP, an on-site update is recommended.

Added: Aug 22, 2025, 3:18 AM
Updated: Aug 22, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.