An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43325