CVE-2024-47902

9.8CRITICAL

Key Information

Vendor: Siemens
Status: Intermesh 7177 Hybrid 2.0 Subscriber
Vendor: CVE Published:; 23 October 2024

Summary

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as ping) on operating system level.

Refferences

https://cert-portal.siemens.com/productcert/html/ssa-3334...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2024

Collectors

NVD Database