Skip to main content

Turck TBEN Switch EUVDEUVD-2026-37042

| CVE-2026-5416 HIGH
OS Command Injection (CWE-78)
2026-06-16 CERTVDE GHSA-c4j4-gcv4-4jx8
8.7
CVSS 4.0 · Vendor: CERTVDE
Share

Severity by source

Vendor (CERTVDE) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Management interface is network-reachable (AV:N) with no special preconditions (AC:L), requires a low-privileged authenticated session (PR:L), no user interaction, and command injection on embedded firmware yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CERTVDE).

CVSS VectorVendor: CERTVDE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Re-analysis Queued
Jun 16, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
Jun 16, 2026 - 10:22 NVD
8.8 (HIGH) 8.7 (HIGH)
Analysis Generated
Jun 16, 2026 - 10:21 vuln.today

DescriptionCVE.org

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.

AnalysisAI

Command injection in Turck TBEN-LL-SE-M2, TBEN-L4-SE-M2, and TBEN-L5-SE-M2 Managed Ethernet Switches allows an authenticated low-privileged remote attacker to achieve full system compromise by injecting shell metacharacters into a name parameter. The flaw, reported by CERT@VDE, carries a CVSS 8.8 rating with no public exploit identified at time of analysis and is not currently listed in CISA KEV.

Technical ContextAI

The affected devices are Turck TBEN block I/O modules with integrated managed Ethernet switching, deployed in industrial automation and OT environments to connect PROFINET/EtherNet-IP fieldbus devices. The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), where user-supplied input passed in a 'name' parameter is concatenated into an operating-system shell invocation without sanitization or argument separation, allowing metacharacters such as ; | & $() to break out of the intended command context. Because embedded industrial switches typically run their management web interface as root or an equivalent high-privileged firmware account, successful injection yields complete control over the device firmware and switching plane.

RemediationAI

Patch status is not explicitly stated in the supplied data; consult the CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2026-038 for the vendor-released firmware version and apply it to all TBEN-LL-SE-M2, TBEN-L4-SE-M2, and TBEN-L5-SE-M2 devices. Until firmware can be updated, restrict access to the device management interface to a dedicated engineering VLAN or jump host, rotate and uniquely scope the low-privileged web/management accounts so a single credential leak does not enable lateral exploitation, and disable remote management protocols on untrusted interfaces - recognising the trade-off that tightening management access typically requires onsite or VPN-gated changes for routine OT operations.

Share

EUVD-2026-37042 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy