Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for METIS DFS by METIS Cyberspace Technology SA

    CVE-2026-2249 (GCVE-0-2026-2249)

    Vulnerability from nvd – Published: 2026-02-11 14:16 – Updated: 2026-02-12 15:20
    VLAI
    Title
    Unauthenticated Remote Command Execution via Web Console in METIS DFS
    Summary
    METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-287 - Improper Authentication
    Assigner
    MHV
    References
    URL Tags
    https://www.metis.tech/ x_vendor-website
    https://cydome.io/vulnerability-advisory-cve-2026… technical-description
    Impacted products
    Vendor Product Version
    METIS Cyberspace Technology SA METIS DFS Affected: oscore 2.1.234-r18 (custom)
    Unaffected: oscore 2.1.235-r19 (custom)
    Create a notification for this product.
    Credits
    Cydome Security Ltd
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:47:17.943059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:48:28.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "METIS DFS",
              "vendor": "METIS Cyberspace Technology SA",
              "versions": [
                {
                  "status": "affected",
                  "version": "oscore 2.1.234-r18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "oscore 2.1.235-r19",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cydome Security Ltd"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMETIS DFS devices (versions \u0026lt;= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with \u0027daemon\u0027 privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.\u003c/p\u003e"
                }
              ],
              "value": "METIS DFS devices (versions \u003c= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with \u0027daemon\u0027 privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T15:20:28.314Z",
            "orgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
            "shortName": "MHV"
          },
          "references": [
            {
              "tags": [
                "x_vendor-website"
              ],
              "url": "https://www.metis.tech/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://cydome.io/vulnerability-advisory-cve-2026-2249-unauthenticated-rce-in-metis-data-fusion-server-dfs"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Unauthenticated Remote Command Execution via Web Console in METIS DFS",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
        "assignerShortName": "MHV",
        "cveId": "CVE-2026-2249",
        "datePublished": "2026-02-11T14:16:19.157Z",
        "dateReserved": "2026-02-09T13:38:43.331Z",
        "dateUpdated": "2026-02-12T15:20:28.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2249 (GCVE-0-2026-2249)

    Vulnerability from cvelistv5 – Published: 2026-02-11 14:16 – Updated: 2026-02-12 15:20
    VLAI
    Title
    Unauthenticated Remote Command Execution via Web Console in METIS DFS
    Summary
    METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-287 - Improper Authentication
    Assigner
    MHV
    References
    URL Tags
    https://www.metis.tech/ x_vendor-website
    https://cydome.io/vulnerability-advisory-cve-2026… technical-description
    Impacted products
    Vendor Product Version
    METIS Cyberspace Technology SA METIS DFS Affected: oscore 2.1.234-r18 (custom)
    Unaffected: oscore 2.1.235-r19 (custom)
    Create a notification for this product.
    Credits
    Cydome Security Ltd
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T14:47:17.943059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T14:48:28.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "METIS DFS",
              "vendor": "METIS Cyberspace Technology SA",
              "versions": [
                {
                  "status": "affected",
                  "version": "oscore 2.1.234-r18",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "oscore 2.1.235-r19",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cydome Security Ltd"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMETIS DFS devices (versions \u0026lt;= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with \u0027daemon\u0027 privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.\u003c/p\u003e"
                }
              ],
              "value": "METIS DFS devices (versions \u003c= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with \u0027daemon\u0027 privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T15:20:28.314Z",
            "orgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
            "shortName": "MHV"
          },
          "references": [
            {
              "tags": [
                "x_vendor-website"
              ],
              "url": "https://www.metis.tech/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://cydome.io/vulnerability-advisory-cve-2026-2249-unauthenticated-rce-in-metis-data-fusion-server-dfs"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Unauthenticated Remote Command Execution via Web Console in METIS DFS",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
        "assignerShortName": "MHV",
        "cveId": "CVE-2026-2249",
        "datePublished": "2026-02-11T14:16:19.157Z",
        "dateReserved": "2026-02-09T13:38:43.331Z",
        "dateUpdated": "2026-02-12T15:20:28.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }