{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/sustainable-irrigation-platform/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-58479"},{"cvss":8.1,"id":"CVE-2026-58476"},{"cvss":8.2,"id":"CVE-2026-58477"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Sustainable Irrigation Platform (SIP) through version 5.2.16","Sustainable Irrigation Platform (SIP) \u003c= 5.2.16"],"_cs_severities":["critical"],"_cs_tags":["command-injection","web-vulnerability","rce","ot","ics","cve-2026-58479"],"_cs_type":"advisory","_cs_vendors":["Sustainable Irrigation Platform"],"content_html":"\u003cp\u003eSustainable Irrigation Platform (SIP) through version 5.2.16 contains a critical command injection vulnerability, CVE-2026-58479, specifically within its optional \u003ccode\u003ecli_control\u003c/code\u003e plugin. This flaw enables unauthenticated attackers, or those utilizing Cross-Site Request Forgery (CSRF), to achieve arbitrary operating-system command execution. Attackers can store a malicious payload through the plugin's HTTP endpoint, then trigger its execution by activating an associated irrigation station. The vulnerability is exacerbated by the absence of passphrase protection or the use of a default 'opendoor' passphrase, which facilitates unauthorized access and command execution on the underlying host. This vulnerability has a CVSS v3.1 Base Score of 9.8, indicating its critical severity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Sustainable Irrigation Platform (SIP) instance running the \u003ccode\u003ecli_control\u003c/code\u003e plugin, exposed to the internet or an accessible internal network.\u003c/li\u003e\n\u003cli\u003eThe attacker determines the plugin's HTTP endpoint responsible for storing payloads, potentially leveraging unauthenticated access or a Cross-Site Request Forgery (CSRF) attack.\u003c/li\u003e\n\u003cli\u003eA malicious operating system command payload is crafted, designed to achieve the attacker's objective (e.g., establishing a reverse shell or exfiltrating data).\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP request to the \u003ccode\u003ecli_control\u003c/code\u003e plugin's endpoint to inject and store the crafted malicious payload.\u003c/li\u003e\n\u003cli\u003eExploiting the lack of strong passphrase protection or the default 'opendoor' passphrase, the attacker activates the associated irrigation station, triggering the execution of the stored command.\u003c/li\u003e\n\u003cli\u003eThe injected operating system commands are executed on the underlying host system, granting the attacker arbitrary code execution capabilities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-58479 grants attackers arbitrary command execution on the underlying host system, potentially leading to full system compromise. This can result in unauthorized control over the irrigation infrastructure, data exfiltration, service disruption, or further lateral movement within the network. Given that Sustainable Irrigation Platforms are often deployed in critical infrastructure or agricultural sectors, the impact could range from significant financial losses due to system manipulation to widespread operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-58479 on all Sustainable Irrigation Platform (SIP) instances to version 5.2.17 or later immediately.\u003c/li\u003e\n\u003cli\u003eEnsure strong, unique passphrases are used for all SIP configurations, and immediately change any default 'opendoor' passphrases mentioned in the CVE-2026-58479 details.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to restrict access to SIP instances and their \u003ccode\u003ecli_control\u003c/code\u003e plugin HTTP endpoints from untrusted networks.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for unusual HTTP requests targeting the \u003ccode\u003ecli_control\u003c/code\u003e plugin, particularly those containing command injection characters in URI paths or query parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T15:21:31Z","date_published":"2026-07-14T15:18:33Z","id":"https://feed.craftedsignal.io/briefs/2026-07-sustainable-irrigation-platform-rce/","summary":"A critical command injection vulnerability (CVE-2026-58479) exists in the optional cli_control plugin of Sustainable Irrigation Platform (SIP) versions up to 5.2.16, allowing unauthenticated or CSRF attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint and triggering execution by activating an associated irrigation station.","title":"Command Injection in Sustainable Irrigation Platform cli_control Plugin","url":"https://feed.craftedsignal.io/briefs/2026-07-sustainable-irrigation-platform-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Sustainable Irrigation Platform","version":"https://jsonfeed.org/version/1.1"}