CVE-2024-46603

Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12

Description: The issue is related to an XML External Entity (XXE) vulnerability, which allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. This vulnerability can be exploited by sending a manipulated XML payload to the affected system.

Recommendations: For Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12, consider disabling the XML parsing functionality until a patch is available to prevent potential Denial of Service (DoS) attacks. Restrict access to the firmware to minimize the risk of exploitation. Avoid using the firmware with untrusted XML inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.