CVE-2024-47901

Published Oct 23, 2024

Last updated 18 days ago

CVSS critical 10.0

Overview

Description
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Source
productcert@siemens.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

productcert@siemens.com
CWE-78

Social media

Hype score
Not currently trending

  1. SEVERE VULNERABILITIES CISA Releases Three Industrial Control Systems Advisories URL: https://t.co/Z0xC7Gtvod Classification: Severe, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv4.0: 10.0 CVEs: CVE-2024-47901, CVE-2024-47902, CVE-2024-47903, #cisa #CyberSec

    @CharyyevPerman

    30 Oct 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical Security Flaw Alert: CVE-2024-47901 in Siemens Intermesh! 🌟 CVSS Score 10: This vulnerability is rated as critical, indicating severe potential impact. #CyberSecurity 🌟 Affected Systems: Siemens Intermesh, widely used in industrial environments, is at risk.… https

    @ctilabs

    28 Oct 2024

    50 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  3. 🚨CVE Alert: Critical Siemens InterMesh OS Command Injection Vulnerability🚨 Vulnerability Details: CVE-2024-47901 (CVSS 10/10) Siemens InterMesh OS Command Injection Vulnerability Impact A successful exploit could allow an unauthenticated remote attacker to execute arbitrary…

    @CyberxtronTech

    25 Oct 2024

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨CVE Alert: Critical Siemens InterMesh OS Command Injection Vulnerability🚨 Vulnerability Details: CVE-2024-47901 (CVSS 10/10) Siemens InterMesh OS Command Injection Vulnerability Impact A successful exploit could allow an unauthenticated remote attacker to execute arbitrary…

    @CyberxtronTech

    25 Oct 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-47901 (CVSS 10): Critical Security Flaw in Siemens InterMesh https://t.co/XKrN9bRBBO

    @Dinosn

    25 Oct 2024

    2669 Impressions

    8 Retweets

    37 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2024-47901: CRITICAL] Critical vulnerability found in InterMesh 7177 Hybrid 2.0 &amp; InterMesh 7707 Fire Subscriber devices can grant remote attackers unauthenticated access with root privileges through code ex...#cybersecurity,#vulnerability https://t.co/EYVVACzhGi https:/

    @CveFindCom

    23 Oct 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References