Nuvation Energy Multi-Stack Controller OS Command Injection Vulnerability

An OS command injection vulnerability has been identified in Nuvation Energy's Multi-Stack Controller (MSC) versions prior to 2.5.1. This vulnerability allows for improper neutralization of special elements used in operating system commands, potentially leading to unauthorized command execution on the affected system.

Impact

Exploitation of this vulnerability allows for OS command injection, where an attacker can execute arbitrary commands on the host operating system where the MSC is running.

Remediation

Users are advised to update their Multi-Stack Controller to version 2.5.1 or later. Consult Nuvation's documentation for instructions on enabling authentication on the MSC and setting a strong password. Security-conscious users may also wish to restrict access to the nCloud service if it is not necessary for their operations.