Eluktronics Control Center Command Injection Vulnerability in PowerShell Script Handler
Vulnerability
A critical command injection vulnerability has been identified in Eluktronics Control Center version 5.23.51.41. The issue arises in an unknown function of the file \AiStoneService\MyControlCenter\Command, within the PowerShell Script Handler component. This vulnerability allows local users to inject malicious commands, potentially leading to unauthorized execution of commands with elevated privileges.
Impact
Exploitation of this vulnerability allows for local privilege escalation, enabling a low-privileged user to inject commands into PowerShell scripts that are executed with NT AUTHORITY\SYSTEM privileges. This could result in full system access.
Reproduction
The vulnerability can be reproduced by placing a malicious PowerShell script in the directory where Eluktronics Control Center installs its scripts. Once the script is injected, it will be executed with system privileges, allowing for unauthorized access or actions on the system.
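The condition behind this reproduction is a script directory that low-privileged users can write to while a service running as SYSTEM executes its contents. The following PowerShell audit is an added example, not code from the vendor or from the original advisory; the $ScriptDir parameter and the list of trusted SIDs are assumptions to adjust for the host being checked.

```powershell
# Added example: list principals other than SYSTEM/Administrators/TrustedInstaller
# that can create, change or delete files in a directory a SYSTEM service runs scripts from.
# $ScriptDir is an assumption: pass the Control Center script directory on the host
# under review (the advisory names \AiStoneService\MyControlCenter\Command).
param(
    [Parameter(Mandatory)]
    [string]$ScriptDir
)

# Well-known SIDs treated as trusted writers (assumption; extend if your build differs).
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Access bits that allow planting or altering a script:
# WriteData/CreateFiles (0x2), AppendData (0x4), Delete (0x10000),
# ChangePermissions (0x40000), TakeOwnership (0x80000),
# plus raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) ACEs.
$mask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# Check the directory itself and everything beneath it.
$targets = @(Get-Item -LiteralPath $ScriptDir) +
           @(Get-ChildItem -LiteralPath $ScriptDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs so the comparison does not depend on the display language.
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $rule.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $name
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so the check can gate a compliance job
```

Any row naming Users, Authenticated Users, Everyone or an individual standard account means that principal can place or modify scripts in the audited path.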
