Low Privileged Remote Attacker Can Write Arbitrary Files with Root Privileges
CVE-2024-41973

8.1HIGH

Key Information:

Vendor
Wago
Status
Cc100 0751-9x01
Pfc100 G2 0750-811x-xxxx-xxxx
Pfc200 G2 750-821x-xxx-xxx
Tp600 0762-420x/8000-000x
Vendor
CVE Published:
18 November 2024

Summary

A vulnerability has been identified in VDE products that allows a remote attacker, possessing low privileges, to specify arbitrary files on the server's filesystem. This flaw may enable unauthorized file writes with root privileges, posing a significant risk to the integrity and confidentiality of the affected systems. Attackers could leverage this vulnerability to manipulate critical system files, leading to potential exploitation and compromise of sensitive data.

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

References

https://cert.vde.com/en/advisories/VDE-2024-047

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Diego Giubertoni
Nozomi Networks
.
CVE-2024-41973 : Low Privileged Remote Attacker Can Write Arbitrary Files with Root Privileges | SecurityVulnerability.io