File Write Vulnerability in InterMesh Products by Siemens
CVE-2024-47903

9.1CRITICAL

Key Information:

Vendor: Siemens
Status: Intermesh 7177 Hybrid 2.0 Subscriber
Vendor: CVE Published:; 23 October 2024

Summary

A vulnerability exists in the web server of certain InterMesh devices where an attacker can exploit it to write arbitrary files to the DocumentRoot directory. This affects all versions of InterMesh 7177 Hybrid 2.0 Subscriber prior to V8.2.12 and the InterMesh 7707 Fire Subscriber prior to V7.2.12 if the IP interface is enabled, which is not the default setting. This flaw poses significant risks, as it enables unauthorized modification of server files, potentially leading to further exploitation or unauthorized access.

References

https://cert-portal.siemens.com/productcert/html/ssa-3334...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2024