PT-2024-3749 · Unknown · Cpci85 Central Processing/Communication+1
Constantin Schieber-Knöbl +3 · Published 2024-05-14 · Updated 2024-07-09
CVE-2024-31485
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
CPCI85 Central Processing/Communication versions prior to V5.30
SICORE Base system versions prior to V1.3.0
Description:
A command injection vulnerability exists due to missing server-side input sanitization in the web interface of affected devices. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Recommendations:
For CPCI85 Central Processing/Communication versions prior to V5.30, update to version V5.30 or later.
For SICORE Base system versions prior to V1.3.0, update to version V1.3.0 or later.
As a temporary workaround, consider restricting access to the web interface of affected devices to minimize the risk of exploitation.
Fix
Command Injection
Affected Products
Cpci85 Central Processing/Communication
Sicore Base System