Privilege Escalation Vulnerability in Initi Script
CVE-2024-28137

7.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 14 May 2024

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2024-28137?

A local attacker with low privileges can exploit a time-of-check to time-of-use (TOCTOU) vulnerability in an init script associated with certain versions of the product. This flaw allows the attacker to elevate their privileges, potentially leading to unauthorized access and manipulation of system resources. Proper security measures and timely updates are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.1

CHARX SEC-3050 0 <= 1.5.1

CHARX SEC-3100 0 <= 1.5.1

References

https://cert.vde.com/en/advisories/VDE-2024-019

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Trend Micro's Zero Day Initiative

Todd Manning