Low Privileged Remote Attackers Can Modify Boot Mode Configuration and Cause Firmware Upgrade Issues or DoS Attacks
CVE-2024-41967

8.1 HIGH

Summary

The vulnerability allows a remote attacker with low privileges to manipulate the boot mode configuration of devices manufactured by XYZ Corp. This flaw can lead to unauthorized modifications to the firmware upgrade process, resulting in potential operational disruptions. Attackers could exploit this vulnerability to execute denial-of-service attacks, affecting the availability and reliability of affected devices.

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Diego Giubertoni
Nozomi Networks