Search criteria
1 vulnerability by Nedap Librix
CVE-2024-12757 (GCVE-0-2024-12757)
Vulnerability from cvelistv5 ā Published: 2025-01-17 17:41 ā Updated: 2025-01-21 15:40
VLAI?
Title
Nedap Librix Ecoreader Missing Authentication for Critical Function
Summary
Nedap Librix Ecoreader
is missing authentication for critical functions that could allow an
unauthenticated attacker to potentially execute malicious code.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nedap Librix | Ecoreader |
Affected:
all versions
|
Credits
Prajitesh Singh of Cyble reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T15:40:00.379855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:40:31.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ecoreader",
"vendor": "Nedap Librix",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Prajitesh Singh of Cyble reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nedap Librix Ecoreader \n is missing authentication for critical functions that could allow an \nunauthenticated attacker to potentially execute malicious code.\n\n\u003cbr\u003e"
}
],
"value": "Nedap Librix Ecoreader \n is missing authentication for critical functions that could allow an \nunauthenticated attacker to potentially execute malicious code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:41:38.174Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-02"
}
],
"source": {
"advisory": "ICSA-25-007-02",
"discovery": "EXTERNAL"
},
"title": "Nedap Librix Ecoreader Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nedap Librix did not respond to CISA\u0027s attempts to coordinate with them.\n\n\u003cbr\u003e"
}
],
"value": "Nedap Librix did not respond to CISA\u0027s attempts to coordinate with them."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-12757",
"datePublished": "2025-01-17T17:41:38.174Z",
"dateReserved": "2024-12-18T17:30:15.734Z",
"dateUpdated": "2025-01-21T15:40:31.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}