In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-01
https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md
https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html