Local Command Execution Vulnerability in InterMesh Products by Siemens

CVE-2024-47904

Summary

A serious vulnerability has been discovered in Siemens' InterMesh products, specifically affecting the 7177 Hybrid 2.0 Subscriber and 7707 Fire Subscriber models. The flaw exists due to the presence of a SUID binary that can be exploited by authenticated local users. By leveraging this vulnerability, attackers could execute arbitrary commands with root privileges, which poses significant security risks. The affected versions include any variants of the InterMesh 7177 Hybrid 2.0 Subscriber below version 8.2.12 and the InterMesh 7707 Fire Subscriber below version 7.2.12, provided that the IP interface is enabled, which is not the default setting. Immediate action is recommended to mitigate this risk.

References