CVSS 10.0 · CRITICAL

CVE-2026-56413

Analysis

Storage Concentrator (SC and SCVM) has a command injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands with root privileges. By sending malicious packets to TCP port 9000, an attacker can fully compromise the device without any credentials. With a CVSS score of 10.0, it represents a critical risk to storage and network infrastructure.

Relevant roles

Backend, CyberSecurity, Linux, Hardware, Cloud

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-78

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.

Published: 6/30/2026, 11:17:32 PM
Last modified: 6/30/2026, 11:17:32 PM
