CVE-2024-23317

Name of the Vulnerable Software and Affected Versions Controller 6000 and Controller 7000 versions 8.60 and prior Controller 6000 and Controller 7000 versions 8.70 prior to vCR8.70.240520a Controller 6000 and Controller 7000 versions 8.80 prior to vCR8.80.240520a Controller 6000 and Controller 7000 versions 8.90 prior to vCR8.90.240520a Controller 6000 and Controller 7000 versions 9.00 prior to vCR9.00.240521a Controller 6000 and Controller 7000 versions 9.10 prior to vCR9.10.240520a

Description The issue allows an attacker with local access to the Controller to perform arbitrary code execution due to External Control of File Name or Path. This can be exploited by an attacker to execute malicious code on the affected system.

Recommendations For versions 8.60 and prior, there is no information about a newer version that contains a fix for this issue. For version 8.70, update to vCR8.70.240520a or later. For version 8.80, update to vCR8.80.240520a or later. For version 8.90, update to vCR8.90.240520a or later. For version 9.00, update to vCR9.00.240521a or later. For version 9.10, update to vCR9.10.240520a or later.