Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Management interface is network-reachable (AV:N) with no special preconditions (AC:L), requires a low-privileged authenticated session (PR:L), no user interaction, and command injection on embedded firmware yields full C/I/A impact.
Primary rating from Vendor (CERTVDE).
CVSS VectorVendor: CERTVDE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.
AnalysisAI
Command injection in Turck TBEN-LL-SE-M2, TBEN-L4-SE-M2, and TBEN-L5-SE-M2 Managed Ethernet Switches allows an authenticated low-privileged remote attacker to achieve full system compromise by injecting shell metacharacters into a name parameter. The flaw, reported by CERT@VDE, carries a CVSS 8.8 rating with no public exploit identified at time of analysis and is not currently listed in CISA KEV.
Technical ContextAI
The affected devices are Turck TBEN block I/O modules with integrated managed Ethernet switching, deployed in industrial automation and OT environments to connect PROFINET/EtherNet-IP fieldbus devices. The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), where user-supplied input passed in a 'name' parameter is concatenated into an operating-system shell invocation without sanitization or argument separation, allowing metacharacters such as ; | & $() to break out of the intended command context. Because embedded industrial switches typically run their management web interface as root or an equivalent high-privileged firmware account, successful injection yields complete control over the device firmware and switching plane.
RemediationAI
Patch status is not explicitly stated in the supplied data; consult the CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2026-038 for the vendor-released firmware version and apply it to all TBEN-LL-SE-M2, TBEN-L4-SE-M2, and TBEN-L5-SE-M2 devices. Until firmware can be updated, restrict access to the device management interface to a dedicated engineering VLAN or jump host, rotate and uniquely scope the low-privileged web/management accounts so a single credential leak does not enable lateral exploitation, and disable remote management protocols on untrusted interfaces - recognising the trade-off that tightening management access typically requires onsite or VPN-gated changes for routine OT operations.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37042
GHSA-c4j4-gcv4-4jx8