CRITICAL🇵🇱 Wersja polska

CVE-2023-47032

CVSS 9.8v3.1pub. 2025-06-23upd. 2025-06-25

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-94 (Code Injection) affects the UserService function in the SOAP API interface of the NCR Terminal Handler application. An attacker sends a specially crafted script to the aforementioned API function, resulting in execution of the supplied code on the server side. No permissions or user interaction are required to conduct the attack, and the attack is executed remotely over the network.

Impact

An attacker can gain full control over the system, obtaining unauthorized access to data, ability to modify the system, and potential disruption of its operation.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. It is also recommended to restrict network access to the SOAP API interface only to trusted hosts and monitor traffic directed to the UserService endpoint.

Who is affected

NCR Terminal Handler version 1.5.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ncr Terminal Handler

    APP
    Ncr
    1.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-47297CRITICAL9.8PL ✓ten sam produkt

NCR Terminal Handler — manipulacja ustawieniami umożliwia wykonanie dowolnych poleceń

CVE-2023-47029CRITICAL9.8PL ✓ten sam produkt

RCE i wyciek danych w NCR Terminal Handler przez komponent UserService

CVE-2023-47030CRITICAL9.8PL ✓ten sam produkt

RCE w NCR Terminal Handler via SOAP API — nieuwierzytelniony dostęp zdalny

CVE-2023-47031CRITICAL9.8PL ✓ten sam produkt

NCR Terminal Handler – privilege escalation przez SOAP API

CVE-2023-47295CRITICAL9.8PL ✓ten sam produkt

CSV Injection w NCR Terminal Handler umożliwia wykonanie dowolnych poleceń