Sid 1-47470

Message

SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt

Summary

This event is generated when an attacker attempts to exploit an arbitrary code execution vulnerability in the HomeMatic CCU2 web interface.

Impact

Attempted User Privilege Gain

Detailed information

The rule checks for attempts to exploit an arbitrary code execution vulnerability in the HomeMatic CCU2 web interface.

Affected systems

Ease of attack

False positives

This rule will fire on all remote attempts to use the exec command when using HomeMatic's TCL script interpreter.

False negatives

Not known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References