Qualcomm plctool Vulnerability Allows Local Attacker with Low Privileges to Gain Root Access
CVE-2024-26002

7.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

Summary

An improper input validation vulnerability exists in Qualcomm's PLCTool, which can be exploited by a local attacker with low privileges. By changing the ownership of certain files, an attacker can escalate their privileges to root level, potentially compromising the system's integrity and security. This vulnerability highlights the importance of robust input validation to prevent unauthorized access and maintain system security.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Peter Geissler

Rick De Jager

Carlo Meijer