Skip to main content

Terminal Handler CVE-2023-47295

| EUVDEUVD-2023-51422 CRITICAL
Improper Neutralization of Formula Elements in a CSV File (CWE-1236)
2025-06-23 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2023-51422
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
CVE Published
Jun 23, 2025 - 16:15 nvd
CRITICAL 9.8

DescriptionCVE.org

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.

AnalysisAI

CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remote attackers to execute arbitrary commands through crafted payloads injected into any text input field. The vulnerability has a CVSS 9.8 score indicating maximum severity due to network accessibility, no authentication requirements, and complete system compromise potential (confidentiality, integrity, and availability impact). This represents a direct remote code execution risk affecting payment terminal infrastructure.

Technical ContextAI

The vulnerability exploits improper input validation in text field handling within NCR Terminal Handler v1.5.1. The root cause is classified under CWE-1236 (Improper Neutralization of Formula Elements in a CSV File), which occurs when user-supplied input is not properly sanitized before being processed or rendered in CSV contexts. Attackers can inject formula injection payloads (such as =, +, -, @, or tab characters followed by commands) that are interpreted as executable formulas by spreadsheet applications or backend processors. NCR Terminal Handler is payment terminal management software; the vulnerability exists in any text field accepting string input, indicating a systemic input validation failure rather than isolated to a single function. The affected CPE would be NCR Terminal Handler versions prior to the patched release.

RemediationAI

Immediate patching is critical: (1) Apply NCR Terminal Handler patch/update to version 1.5.2 or later as released by NCR; (2) If immediate patching is not possible, implement network-level mitigations: restrict access to Terminal Handler administrative interfaces to trusted IP ranges via firewall rules, implement WAF rules to block CSV injection payloads (regex filters for =, +, -, @, tab characters at string field boundaries); (3) Monitor for suspicious command execution on Terminal Handler systems; (4) Implement input validation at application layer even after patching—sanitize all text input to remove formula injection characters; (5) Run NCR Terminal Handler with minimal required privileges (non-root, service account with restricted permissions) to limit RCE impact. Vendor advisory links from NCR security bulletins and CERT/CC notifications should provide specific patch download URLs and affected product matrices. Do not deploy workarounds as permanent solutions—patching is mandatory.

Share

CVE-2023-47295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy