Description
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
Published: 2026-03-17
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

Perle IOLAN STS and SCS terminal servers running firmware versions earlier than 6.0 are susceptible to OS command injection when an authenticated user issues the 'ps' command in the device’s restricted shell over Telnet or SSH. The shell does not sanitize the arguments it passes to an 'sh -c' invocation that runs as root, so an attacker can inject shell metacharacters and execute arbitrary commands with root privileges. The flaw is classified as CWE‑78 (OS Command Injection) and, when exploited, results in full compromise of the underlying operating system.
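The pattern behind this class of flaw, and one way to close it, as an added example (not Perle firmware code and not part of the original record): the restricted-shell 'ps' handler validates each argument against an allowlist and executes ps directly, so no shell ever parses user input. The names build_ps_argv and token_ok, the argument limit and the /bin/ps path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PS_MAX_ARGS 8

/* Vulnerable pattern as the advisory describes it (hypothetical reconstruction):
 *     snprintf(cmd, sizeof cmd, "ps %s", user_args);
 *     system(cmd);   -- runs "sh -c <cmd>" as root, so sh parses user_args */

/* Allowlist: letters, digits, '-' and ',' only. */
static int token_ok(const char *t)
{
    if (*t == '\0') return 0;
    for (; *t; t++)
        if (!((*t >= 'a' && *t <= 'z') || (*t >= 'A' && *t <= 'Z') ||
              (*t >= '0' && *t <= '9') || *t == '-' || *t == ','))
            return 0;
    return 1;
}

/* Split user_args into argv[] for a direct exec of ps. Returns argc on
 * success, -1 if a token fails the allowlist or there are too many tokens.
 * buf receives a mutable copy of the input and backs the argv pointers. */
int build_ps_argv(const char *user_args, char *buf, size_t buflen,
                  char *argv[PS_MAX_ARGS + 2])
{
    int argc = 0;
    if (strlen(user_args) >= buflen) return -1;
    strcpy(buf, user_args);
    argv[argc++] = "ps";
    for (char *t = strtok(buf, " \t"); t; t = strtok(NULL, " \t")) {
        if (argc > PS_MAX_ARGS || !token_ok(t)) return -1;
        argv[argc++] = t;
    }
    argv[argc] = NULL;
    return argc;
}

int main(int ac, char **av)
{
    char buf[128], *argv[PS_MAX_ARGS + 2];
    if (build_ps_argv(ac > 1 ? av[1] : "", buf, sizeof buf, argv) < 0) {
        fprintf(stderr, "ps: invalid argument\n");
        return 1;
    }
    execv("/bin/ps", argv);  /* assumed path; no shell is involved */
    perror("execv");
    return 1;
}
```

Because the argument vector goes straight to execv, characters such as ';', '|' or '$' would have no special meaning even if one slipped past the allowlist; the allowlist is a second layer that also keeps unexpected input away from ps itself.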

Affected Systems

The affected products are Perle IOLAN SCS and IOLAN STS terminal server models whose firmware is prior to version 6.0. The vendor has confirmed that the IOLAN SCG and SCR models do not contain this vulnerable functionality and are therefore not impacted.

Risk and Exploitability

The vulnerability carries a CVSS v4.0 base score of 8.6, indicating high severity. No EPSS score is provided and the issue is not listed in the CISA KEV catalog. Exploitation requires authenticated access to the restricted shell via Telnet or SSH. Because the injected commands run with root privileges, the potential impact on confidentiality, integrity, and availability is critical and extends to the entire device.

Generated by OpenCVE AI on March 17, 2026 at 17:14 UTC.

Remediation

Vendor Solution

The vendor has stated that the IOLAN SCG and SCR models do not contain this vulnerable functionality.


OpenCVE Recommended Actions

  • If the device is a Perle IOLAN SCG or SCR model, no action is required because the vendor has stated these models do not contain the vulnerable functionality.
  • For affected IOLAN SCS and IOLAN STS devices running firmware prior to 6.0, upgrade the firmware to version 6.0 or later; this version eliminates the command‑injection flaw as described by the vendor.
  • If a firmware upgrade cannot be applied immediately, disable Telnet and SSH access to the restricted shell or otherwise block authentication to the device until a patch is available.
  • After remediation, verify that the 'ps' command no longer accepts unsanitized arguments by attempting a benign test command; a failure indicates the issue persists and further action is needed.
  • Consult Perle support or the vendor’s documentation for any additional security settings or recommendations specific to your environment.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Perle Systems; Perle Systems iolan Scs; Perle Systems iolan Sts |
| Vendors & Products | | Perle Systems; Perle Systems iolan Scs; Perle Systems iolan Sts |

Tue, 17 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 17 Mar 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system. |
| Title | | Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps' |
| Weaknesses | | CWE-78 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-17T16:09:08.925Z

Reserved: 2026-01-15T18:42:20.938Z

Link: CVE-2026-23759

Vulnrichment

Updated: 2026-03-17T16:09:05.704Z

NVD

Status: Awaiting Analysis

Published: 2026-03-17T16:16:20.127

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-23759

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:14Z

Weaknesses