Submit #814925: Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Command Injectioninfo

TitleAcrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 Command Injection
DescriptionAcrel Electric Co., Ltd. Enterprise Microgrid Energy Efficiency Management System (ECEMS) fails to effectively verify and filter user-controllable inputs when processing the interface /SubstationWEBV2/main/uploadH5Files?version=1.0. This flaw allows attackers to upload arbitrary files and execute system commands. Successful exploitation enables attackers to gain server privileges, posing severe security risks.
Source⚠️ https://ucn9h68n9289.feishu.cn/wiki/DGcvwBIsFis9gvkhNXnckr4xn8c
User
 Anonymous User
Submission04/28/2026 13:05 (2 months ago)
Moderation05/26/2026 07:56 (28 days later)
StatusDuplicate
VulDB entry360865 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload]
Points0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!