A high-severity vulnerability has been discovered in multiple Primakon products utilizing the Pi Portal 1 component. This flaw allows an unauthenticated remote attacker to potentially execute arbitrary code on affected systems, leading to a complete system compromise. Organizations are urged to apply the vendor-provided security updates immediately to prevent potential data breaches, service disruption, and unauthorized access to their networks.

This vulnerability is a critical command injection flaw within the "Pi Portal 1" component. Due to insufficient input sanitization on a publicly exposed API endpoint, a remote, unauthenticated attacker can send a specially crafted HTTP request containing malicious commands. The server-side application improperly processes this input, executing the embedded commands with the privileges of the web service account, which can lead to Remote Code Execution (RCE).

Designated as a High severity vulnerability with a CVSS score of 8.6, successful exploitation poses a significant threat to the business. An attacker could leverage this flaw to steal sensitive corporate or customer data, install ransomware, disrupt critical business operations by taking the service offline, or use the compromised server as a pivot point to attack other internal systems. The potential consequences include severe financial losses, reputational damage, regulatory fines, and a loss of customer trust.

Immediate Action:

• Identify all instances of Primakon products running the affected Pi Portal 1 component within the environment.
• Prioritize these systems for immediate patching according to the organization's change management process.
• Apply the security updates provided by Primakon without delay to fully remediate the vulnerability.
• Verify that the patches have been successfully installed and the systems are no longer vulnerable.

Proactive Monitoring:

• Review web server and application access logs for unusual or malformed requests to the Pi Portal 1 API endpoints, particularly those containing shell commands or suspicious characters.
• Monitor for any unexpected outbound network connections from the servers hosting the affected software.
• Implement file integrity monitoring to detect the creation of unauthorized files or modifications to system binaries on the affected servers.

Compensating Controls:

• If immediate patching is not feasible, restrict network access to the affected portal to only trusted IP addresses and internal networks.
• Deploy a Web Application Firewall (WAF) with rules specifically designed to inspect and block malicious requests attempting to exploit this command injection vulnerability.
• Consider temporarily taking the affected service offline if the risk of compromise outweighs the need for availability.

Public Exploit Available: false

Given the High severity (CVSS 8.6) of this vulnerability and the risk of complete system compromise, we strongly recommend that organizations prioritize the immediate application of vendor-supplied patches. Although this vulnerability is not currently listed on the CISA KEV catalog, its critical nature warrants urgent attention. If patching is delayed, compensating controls such as network segmentation and WAF implementation should be deployed immediately to reduce the attack surface.