CVE-2013-2571
published 2020-01-28


Priority: P178 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 16.20% (96.5th percentile)

Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| hcomm | xpient_iris | <= 3.8 | |

Detection & IOCs (extracted from sources)

port: 7510
command: /bin/echo 1 1 | nc -vv <target>:7510
command: 1 1
  • Alert on any inbound TCP connection to port 7510 on POS terminals running Xpient Iris 3.8; the exploit requires no authentication and sends a two-integer payload ('1 1') to trigger the cash drawer.
  • Monitor for repeated TCP connections (up to 4 in quick succession with 1-second sleep intervals) to port 7510 from a single source, matching the PoC loop behavior.
  • Apply host-based firewall rules (e.g. Windows Firewall) on POS terminals to block all inbound traffic to TCP port 7510 as a compensating control.
  • Only Iris 3.8 builds prior to 1548 are vulnerable; build 1548 and higher are patched. Confirm the exact build number on target POS terminals before triaging alerts.
  • The vulnerability requires network-level access to the POS terminal; exploitation is only possible if an attacker (or malware) can reach the POS network segment.
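
The first two detection bullets above, as an added example that is not part of the original entry: it flags every inbound connection to TCP 7510 on a POS terminal and marks sources that connect repeatedly within a short window. The log format, the addresses, the POS host list and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

IRIS_PORT = 7510                      # port named in the CVE description
BURST_WINDOW = timedelta(seconds=5)   # assumption: covers 4 connects 1 s apart
BURST_MIN = 2                         # assumption: 2+ connects in window = burst

POS_HOSTS = {"10.0.9.11", "10.0.9.12"}  # constructed POS terminal inventory

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.5.23 10.0.9.11 7510
2024-01-01T10:00:01 10.0.5.23 10.0.9.11 7510
2024-01-01T10:00:02 10.0.5.23 10.0.9.11 7510
2024-01-01T10:00:03 10.0.5.23 10.0.9.11 7510
2024-01-01T10:00:04 10.0.5.23 10.0.9.11 443
2024-01-01T10:05:00 10.0.5.40 10.0.9.12 7510
2024-01-01T10:06:00 10.0.5.50 10.0.7.7 7510
garbage line here
"""

def parse(log):
    """Yield (timestamp, src, dst, port) and skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def detect(log, pos_hosts):
    """One alert per (src, dst) pair that reached port 7510 on a POS host."""
    hits = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if port == IRIS_PORT and dst in pos_hosts:
            hits[(src, dst)].append(ts)
    alerts = []
    for (src, dst), times in sorted(hits.items()):
        times.sort()
        best, start = 1, 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            best = max(best, end - start + 1)
        kind = "burst" if best >= BURST_MIN else "single"
        alerts.append({"src": src, "dst": dst, "count": len(times),
                       "max_in_window": best, "kind": kind})
    return alerts
```

Any alert, including a "single" one, deserves review on a terminal whose Iris build is below 1548; the "burst" label only raises priority.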

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P