Full title: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit 
Category: remote exploits
Platform: hardware
Schneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.

# 0day.today @ http://0day.today/