Issue:
CVE-2026-23759 vulnerability Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'

Cause:
This vulnerability allows an admin level user to inject commands via 'shell ps'.
The user requires full admin level privileges to the IOLAN STS/SCS unit.

Solution:
The IOLAN SCS/STS code base is read only. Any modifications stored in memory using any of the available CLI commands are cleared on a system reboot.
Only configuration file and SDK plugins will retain the set values stored in flash.

To remove CLI access, disable SSH server port 22 and port 23 in the Security->Network Services section of the configuration.
Configure the IOLAN SCS/STS only using HTTP/HTTPS Webmanager and Perle DeviceManager, as those interfaces do not have CLI access available.