You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cwe-78
About this tag
The cwe-78 tag on WindowsForum.com covers OS command injection vulnerabilities, a critical security issue where attackers can execute arbitrary operating system commands through vulnerable applications. Tagged content includes discussions of CVE-2025-9996 and CVE-2025-9997, which describe OS command injection flaws in Schneider Electric Saitel DR and Saitel DP Remote Terminal Units (RTUs). These vulnerabilities allow authenticated console users to inject and execute shell commands. The tag focuses on industrial control system (ICS) security, patch management, and mitigation strategies for such flaws. Topics include firmware updates, workarounds, and coordinated disclosure practices. This tag is relevant for IT and OT security professionals managing embedded systems and industrial environments.
Schneider Electric has published coordinated advisories describing two OS command injection flaws in the BLMon monitoring console used by Saitel DR and Saitel DP Remote Terminal Units (RTUs), vulnerabilities that allow authenticated console users to inject and execute arbitrary shell commands...