Unauthorized Access to Sensitive Data
CVE-2024-41970

5.7MEDIUM

Key Information:

Vendor

Wago

Status
Cc100 0751-9x01
Pfc100 G2 0750-811x-xxxx-xxxx
Pfc200 G2 750-821x-xxx-xxx
Tp600 0762-420x/8000-000x
Vendor
CVE Published:
18 November 2024

What is CVE-2024-41970?

A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

References

https://cert.vde.com/en/advisories/VDE-2024-047

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Diego Giubertoni
Nozomi Networks
.