SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt
This event is generated when an attacker attempts to exploit an arbitrary code execution vulnerability in the HomeMatic CCU2 web interface.
Attempted User Privilege Gain
Rule checks for attempts to exploit an arbitrary code execution vulnerability in the HomeMatic CCU2 web interface.
Ease of attack
This rule will fire on all remote attempts to use the
exec command when using HomeMatic's TCL script interpreter.
- Cisco's Talos Intelligence Group