← Back to CVEs
CVE-2024-47901
CRITICAL10.0
Description
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/23/2024
Last Modified10/30/2024
Sourcenvd
Honeypot Sightings0
Affected Products
siemens:intermesh_7177_hybrid_2.0_subscribersiemens:intermesh_7707_fire_subscribersiemens:intermesh_7707_fire_subscriber_firmware
Weaknesses (CWE)
CWE-78
References
https://cert-portal.siemens.com/productcert/html/ssa-333468.html(productcert@siemens.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.