PT-2024-5126 · Unknown · Cpci85 Central Processing/Communication+1

Constantin Schieber-Knöbl +3

Published: 2024-07-22 · Updated: 2024-07-24 · CVE-2024-39601

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40; SICORE Base system versions prior to V1.4.0
Description: A vulnerability has been identified that allows a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. The issue is related to the lack of authentication for a critical function, which can be exploited by a remote attacker to lower the device's firmware version.
Recommendations: For CPCI85 Central Processing/Communication versions prior to V5.40, update to version V5.40 or later to resolve the issue. For SICORE Base system versions prior to V1.4.0, update to version V1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the devices and limiting remote access to authenticated users only until a patch is applied.

Fix

Weakness Enumeration: Missing Authentication

Related Identifiers

BDU:2024-05673
CVE-2024-39601

Affected Products

Cpci85 Central Processing/Communication
Sicore Base System