The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.
History

Thu, 17 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Elvaco
Elvaco cme3100 Firmware
CPEs cpe:2.3:o:elvaco:cme3100_firmware:1.12.1:*:*:*:*:*:*:*
Vendors & Products Elvaco
Elvaco cme3100 Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Description The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.
Title Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100
Weaknesses CWE-434
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-10-17T16:17:31.423Z

Updated: 2024-10-17T17:51:38.915Z

Reserved: 2024-10-14T22:56:08.990Z

Link: CVE-2024-49398

cve-icon Vulnrichment

Updated: 2024-10-17T16:57:56.658Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-17T17:15:12.680

Modified: 2024-10-18T12:52:33.507

Link: CVE-2024-49398

cve-icon Redhat

No data.