An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.
https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291
https://claroty.com/team82/disclosure-dashboard/cve-2023-33364