CVE-2019-10854
Description
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Computrols CBAS 18.0.0 contains an authenticated command injection vulnerability allowing arbitrary command execution.
Vulnerability
Computrols CBAS version 18.0.0 is vulnerable to authenticated command injection. The exact injection point is not disclosed in available references [1], [2].
Exploitation
An attacker must have valid authentication credentials to the CBAS system. Once authenticated, they can inject operating system commands through a vulnerable input field, leading to arbitrary command execution.
Impact
Successful exploitation allows an authenticated attacker to execute arbitrary commands on the underlying server, potentially leading to full compromise of the CBAS system and associated building automation infrastructure.
Mitigation
As of the publication date (2019-05-23), no official patch or workaround has been released by Computrols. Users should monitor vendor communications for updates and restrict network access to the CBAS system to trusted users only.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Computrols/CBASdescription
- Range: = 18.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- applied-risk.com/index.php/download_file/view/196/165mitrex_refsource_MISC
- applied-risk.com/labs/advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.