An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2024-041 |
History
Tue, 10 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Endress\+hauser, Endress\+hauser echo Curve Viewer Firmware, Endress\+hauser field Xpert Smt50 Firmware, Endress\+hauser field Xpert Smt70 Firmware, Endress\+hauser field Xpert Smt77 Firmware, Endress\+hauser field Xpert Smt79 Firmware, Endress\+hauser fieldcare Sfe500 Package Usb Firmware, Endress\+hauser fieldcare Sfe500 Package Web-package Firmware | |
CPEs | cpe:2.3:o:endress\+hauser:echo_curve_viewer_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:field_xpert_smt50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:field_xpert_smt70_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:field_xpert_smt77_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:field_xpert_smt79_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:fieldcare_sfe500_package_usb_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:endress\+hauser:fieldcare_sfe500_package_web-package_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products | Endress\+hauser, Endress\+hauser echo Curve Viewer Firmware, Endress\+hauser field Xpert Smt50 Firmware, Endress\+hauser field Xpert Smt70 Firmware, Endress\+hauser field Xpert Smt77 Firmware, Endress\+hauser field Xpert Smt79 Firmware, Endress\+hauser fieldcare Sfe500 Package Usb Firmware, Endress\+hauser fieldcare Sfe500 Package Web-package Firmware | |
Metrics | ssvc | |
Tue, 10 Sep 2024 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context. | |
Title | Endress+Hauser: Multiple products are vulnerable to code injection | |
Weaknesses | CWE-94 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2024-09-10T08:01:26.429Z
Updated: 2024-09-10T18:46:17.099Z
Reserved: 2024-07-09T08:00:06.415Z
Link: CVE-2024-6596
Vulnrichment
Updated: 2024-09-10T18:45:27.313Z
NVD
Status: Awaiting Analysis
Published: 2024-09-10T08:15:03.350
Modified: 2024-09-10T12:09:50.377
Link: CVE-2024-6596
Redhat
No data.