Ilevia EVE X1 Server Firmware Vulnerability

CRITICAL (9.8)

Threat Intelligence

Low Risk
EPSS Score: 0.33% chance of exploitation (percentile: 56%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Ilevia EVE X1 is a server firmware used in industrial automation systems. The vulnerability lets a remote attacker execute arbitrary code through the ping.php component, which does not securely filter its IP parameters. An attacker can potentially gain unauthorized access to the system and manipulate its functionality.

Am I affected?

You're affected if you use Ilevia EVE X1 Server firmware. The advisory does not state specific version information. If you don't recognise this software, you're probably not affected.

How to fix

Contact Ilevia directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict network access to your Ilevia EVE X1 instance (firewall it from the public internet)
- Audit server logs for suspicious activity patterns
- Monitor for unauthorized system changes
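
One way to carry out the log audit above, as an added example that is not part of the advisory or Ilevia's code: it flags requests to ping.php whose parameter values are not a bare IP address. The combined access-log format, the parameter name `ip` in the sample lines, and the sample lines themselves are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: web server writes common/combined log format.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Pre-filter: ipaddress accepts IPv6 scope IDs ("fe80::1%<anything>"),
# so restrict the alphabet before parsing.
IP_CHARS = re.compile(r"[0-9A-Fa-f:.]+")

def is_ip_literal(value):
    """True only for a bare IPv4/IPv6 address with nothing before or after it."""
    if not IP_CHARS.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_line(line):
    """Return (source, reason) for a suspicious ping.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/ping.php"):
        return None
    # parse_qsl percent-decodes, so encoded characters are checked in clear form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if not is_ip_literal(value):
            return (m.group("src"), f"parameter {name!r} is not a plain IP address: {value!r}")
    if m.group("method") == "POST":
        return (m.group("src"), "POST to ping.php: body is not in the access log, review manually")
    return None

def audit(lines):
    return [hit for hit in map(audit_line, lines) if hit]

# Constructed sample lines (documentation IP ranges, hypothetical parameter name).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2025:10:01:22 +0000] "GET /ping.php?ip=192.168.1.10 HTTP/1.1" 200 312',
    '203.0.113.9 - - [12/Mar/2025:10:04:51 +0000] "GET /ping.php?ip=192.168.1.10%3Bid HTTP/1.1" 200 87',
    '203.0.113.9 - - [12/Mar/2025:10:05:03 +0000] "POST /ping.php HTTP/1.1" 200 64',
    '198.51.100.7 - - [12/Mar/2025:10:06:40 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for src, reason in audit(SAMPLE_LOG):
        print(src, reason)
```

Access logs normally record only the query string, which is why POST requests to ping.php are reported for manual review rather than judged automatically.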
