The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00158}

epss

{'score': 0.00175}


Thu, 17 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Elvaco
Elvaco cme3100 Firmware
CPEs cpe:2.3:o:elvaco:cme3100_firmware:1.12.1:*:*:*:*:*:*:*
Vendors & Products Elvaco
Elvaco cme3100 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Description The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.
Title Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-10-17T17:51:47.925Z

Reserved: 2024-10-14T22:56:08.990Z

Link: CVE-2024-49397

cve-icon Vulnrichment

Updated: 2024-10-17T16:57:57.686Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-17T17:15:12.573

Modified: 2024-10-18T12:52:33.507

Link: CVE-2024-49397

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.