CVE-2024-28751 (GCVE-0-2024-28751)
Vulnerability from cvelistv5 – Published: 2024-07-09 07:11 – Updated: 2025-08-22 09:53
VLAI
EPSS
Title
ifm: Hardcoded telnet credentials in Smart PLC
Summary
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Severity
9.1 (Critical)
CWE
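- CWE-798 - Use of Hard-coded Credentials (the weakness assigned in the CNA record; the GHSA record and the fkie_nvd metadata block embedded in the record below also list CWE-78, so confirm which CWE a given feed reports before filtering on it)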
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ifm | Smart PLC AC14xx Firmware | Affected: 0 , ≤ V4.3.17 (semver) | |
| ifm | Smart PLC AC4xxS Firmware | Affected: 0 , ≤ V4.3.17 (semver) | |
Credits
Logan Carpenter
Dragos
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:ifm:smart_plc_ac14xx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "smart_plc_ac14xx_firmware",
"vendor": "ifm",
"versions": [
{
"lessThanOrEqual": "4.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:ifm:smart_plc_ac4xxs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "smart_plc_ac4xxs_firmware",
"vendor": "ifm",
"versions": [
{
"lessThanOrEqual": "4.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T16:32:27.801458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T16:32:34.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart PLC AC14xx Firmware",
"vendor": "ifm",
"versions": [
{
"lessThanOrEqual": "V4.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Smart PLC AC4xxS Firmware",
"vendor": "ifm",
"versions": [
{
"lessThanOrEqual": "V4.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Logan Carpenter"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T09:53:25.207Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
],
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"title": "ifm: Hardcoded telnet credentials in Smart PLC",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-28751",
"datePublished": "2024-07-09T07:11:10.331Z",
"dateReserved": "2024-03-08T08:39:32.661Z",
"dateUpdated": "2025-08-22T09:53:25.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-28751",
"date": "2026-05-27",
"epss": "0.01045",
"percentile": "0.77726"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\\u00a0\\n\"}, {\"lang\": \"es\", \"value\": \" Un atacante remoto con altos privilegios puede habilitar el acceso telnet que acepte credenciales codificadas.\"}]",
"id": "CVE-2024-28751",
"lastModified": "2024-11-21T09:06:53.270",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}]}",
"published": "2024-07-09T07:15:04.587",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2024-012\", \"source\": \"info@cert.vde.com\"}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2024-012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-28751\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2024-07-09T07:15:04.587\",\"lastModified\":\"2025-08-22T10:15:31.163\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\"},{\"lang\":\"es\",\"value\":\"Un atacante remoto con altos privilegios puede habilitar el acceso telnet que acepte credenciales codificadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2024-012\",\"source\":\"info@cert.vde.com\"},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2024-012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2024-012\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:56:57.962Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28751\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-09T16:32:27.801458Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:ifm:smart_plc_ac14xx_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"ifm\", \"product\": \"smart_plc_ac14xx_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.3.17\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:ifm:smart_plc_ac4xxs_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"ifm\", \"product\": \"smart_plc_ac4xxs_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.3.17\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-09T16:32:22.345Z\"}}], \"cna\": {\"title\": \"ifm: Hardcoded telnet credentials in Smart PLC\", \"source\": {\"defect\": [\"CERT@VDE#64595\"], \"advisory\": \"VDE-2024-012\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Logan Carpenter\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Dragos\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 
9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ifm\", \"product\": \"Smart PLC AC14xx Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"V4.3.17\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ifm\", \"product\": \"Smart PLC AC4xxS Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"V4.3.17\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2024-012\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\u0026nbsp;\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-08-22T09:53:25.207Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-28751\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-22T09:53:25.207Z\", \"dateReserved\": \"2024-03-08T08:39:32.661Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2024-07-09T07:11:10.331Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2024-28751
Vulnerability from fkie_nvd - Published: 2024-07-09 07:15 - Updated: 2026-04-15 00:35
Severity
Summary
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials."
},
{
"lang": "es",
"value": "Un atacante remoto con altos privilegios puede habilitar el acceso telnet que acepte credenciales codificadas."
}
],
"id": "CVE-2024-28751",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2024-07-09T07:15:04.587",
"references": [
{
"source": "info@cert.vde.com",
"url": "https://cert.vde.com/en/advisories/VDE-2024-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
GHSA-GXM5-WJ75-XVM8
Vulnerability from github – Published: 2024-07-09 09:30 – Updated: 2025-08-22 12:30
VLAI
Details
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Severity
9.1 (Critical)
{
"affected": [],
"aliases": [
"CVE-2024-28751"
],
"database_specific": {
"cwe_ids": [
"CWE-78",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T07:15:04Z",
"severity": "CRITICAL"
},
"details": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\u00a0",
"id": "GHSA-gxm5-wj75-xvm8",
"modified": "2025-08-22T12:30:30Z",
"published": "2024-07-09T09:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28751"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2024-28751
Vulnerability from gsd - Updated: 2024-03-09 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-28751"
],
"id": "GSD-2024-28751",
"modified": "2024-03-09T06:02:28.766355Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-28751",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
VDE-2024-012
Vulnerability from csaf_ifmelectronicgmbh - Published: 2024-07-09 07:00 - Updated: 2026-01-15 11:00
Summary
ifm: Vulnerabilities in ifm AC14 firmware
Notes
Summary: In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.
Impact: Please see the CVE description.
Mitigation: When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Remediation: Update to Firmware Version 6.1.8 or later.
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials.
9.1 (Critical)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-0018 | — | ||
| Unresolved product id: CSAFPID-0019 | — | ||
| Unresolved product id: CSAFPID-0020 | — | ||
| Unresolved product id: CSAFPID-0021 | — | ||
| Unresolved product id: CSAFPID-0023 | — | ||
| Unresolved product id: CSAFPID-0024 | — | ||
| Unresolved product id: CSAFPID-0025 | — | ||
| Unresolved product id: CSAFPID-0026 | — | ||
| Unresolved product id: CSAFPID-0027 | — | ||
| Unresolved product id: CSAFPID-0028 | — | ||
| Unresolved product id: CSAFPID-0029 | — | ||
| Unresolved product id: CSAFPID-0030 | — | ||
| Unresolved product id: CSAFPID-0031 | — | ||
| Unresolved product id: CSAFPID-0032 | — | ||
| Unresolved product id: CSAFPID-0033 | — |
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-0001 | — | ||
| Unresolved product id: CSAFPID-0004 | — | ||
| Unresolved product id: CSAFPID-0005 | — | ||
| Unresolved product id: CSAFPID-0006 | — | ||
| Unresolved product id: CSAFPID-0007 | — | ||
| Unresolved product id: CSAFPID-0008 | — | ||
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — | ||
| Unresolved product id: CSAFPID-0011 | — | ||
| Unresolved product id: CSAFPID-0012 | — | ||
| Unresolved product id: CSAFPID-0013 | — | ||
| Unresolved product id: CSAFPID-0014 | — | ||
| Unresolved product id: CSAFPID-0015 | — | ||
| Unresolved product id: CSAFPID-0016 | — | ||
| Unresolved product id: CSAFPID-0017 | — |
A remote attacker with high privileges may use a deleting file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-0018 | — | ||
| Unresolved product id: CSAFPID-0019 | — | ||
| Unresolved product id: CSAFPID-0020 | — | ||
| Unresolved product id: CSAFPID-0021 | — | ||
| Unresolved product id: CSAFPID-0023 | — | ||
| Unresolved product id: CSAFPID-0024 | — | ||
| Unresolved product id: CSAFPID-0025 | — | ||
| Unresolved product id: CSAFPID-0026 | — | ||
| Unresolved product id: CSAFPID-0027 | — | ||
| Unresolved product id: CSAFPID-0028 | — | ||
| Unresolved product id: CSAFPID-0029 | — | ||
| Unresolved product id: CSAFPID-0030 | — | ||
| Unresolved product id: CSAFPID-0031 | — | ||
| Unresolved product id: CSAFPID-0032 | — | ||
| Unresolved product id: CSAFPID-0033 | — |
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-0001 | — | ||
| Unresolved product id: CSAFPID-0004 | — | ||
| Unresolved product id: CSAFPID-0005 | — | ||
| Unresolved product id: CSAFPID-0006 | — | ||
| Unresolved product id: CSAFPID-0007 | — | ||
| Unresolved product id: CSAFPID-0008 | — | ||
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — | ||
| Unresolved product id: CSAFPID-0011 | — | ||
| Unresolved product id: CSAFPID-0012 | — | ||
| Unresolved product id: CSAFPID-0013 | — | ||
| Unresolved product id: CSAFPID-0014 | — | ||
| Unresolved product id: CSAFPID-0015 | — | ||
| Unresolved product id: CSAFPID-0016 | — | ||
| Unresolved product id: CSAFPID-0017 | — |
A remote attacker with high privileges may use a writing file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-0018 | — | ||
| Unresolved product id: CSAFPID-0019 | — | ||
| Unresolved product id: CSAFPID-0020 | — | ||
| Unresolved product id: CSAFPID-0021 | — | ||
| Unresolved product id: CSAFPID-0023 | — | ||
| Unresolved product id: CSAFPID-0024 | — | ||
| Unresolved product id: CSAFPID-0025 | — | ||
| Unresolved product id: CSAFPID-0026 | — | ||
| Unresolved product id: CSAFPID-0027 | — | ||
| Unresolved product id: CSAFPID-0028 | — | ||
| Unresolved product id: CSAFPID-0029 | — | ||
| Unresolved product id: CSAFPID-0030 | — | ||
| Unresolved product id: CSAFPID-0031 | — | ||
| Unresolved product id: CSAFPID-0032 | — | ||
| Unresolved product id: CSAFPID-0033 | — |
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-0001 | — | ||
| Unresolved product id: CSAFPID-0004 | — | ||
| Unresolved product id: CSAFPID-0005 | — | ||
| Unresolved product id: CSAFPID-0006 | — | ||
| Unresolved product id: CSAFPID-0007 | — | ||
| Unresolved product id: CSAFPID-0008 | — | ||
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — | ||
| Unresolved product id: CSAFPID-0011 | — | ||
| Unresolved product id: CSAFPID-0012 | — | ||
| Unresolved product id: CSAFPID-0013 | — | ||
| Unresolved product id: CSAFPID-0014 | — | ||
| Unresolved product id: CSAFPID-0015 | — | ||
| Unresolved product id: CSAFPID-0016 | — | ||
| Unresolved product id: CSAFPID-0017 | — |
A remote attacker with high privileges may use a reading file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-0018 | — | ||
| Unresolved product id: CSAFPID-0019 | — | ||
| Unresolved product id: CSAFPID-0020 | — | ||
| Unresolved product id: CSAFPID-0021 | — | ||
| Unresolved product id: CSAFPID-0023 | — | ||
| Unresolved product id: CSAFPID-0024 | — | ||
| Unresolved product id: CSAFPID-0025 | — | ||
| Unresolved product id: CSAFPID-0026 | — | ||
| Unresolved product id: CSAFPID-0027 | — | ||
| Unresolved product id: CSAFPID-0028 | — | ||
| Unresolved product id: CSAFPID-0029 | — | ||
| Unresolved product id: CSAFPID-0030 | — | ||
| Unresolved product id: CSAFPID-0031 | — | ||
| Unresolved product id: CSAFPID-0032 | — | ||
| Unresolved product id: CSAFPID-0033 | — |
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-0001 | — | ||
| Unresolved product id: CSAFPID-0004 | — | ||
| Unresolved product id: CSAFPID-0005 | — | ||
| Unresolved product id: CSAFPID-0006 | — | ||
| Unresolved product id: CSAFPID-0007 | — | ||
| Unresolved product id: CSAFPID-0008 | — | ||
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — | ||
| Unresolved product id: CSAFPID-0011 | — | ||
| Unresolved product id: CSAFPID-0012 | — | ||
| Unresolved product id: CSAFPID-0013 | — | ||
| Unresolved product id: CSAFPID-0014 | — | ||
| Unresolved product id: CSAFPID-0015 | — | ||
| Unresolved product id: CSAFPID-0016 | — | ||
| Unresolved product id: CSAFPID-0017 | — |
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
9.8 (Critical)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-0018 | — | ||
| Unresolved product id: CSAFPID-0019 | — | ||
| Unresolved product id: CSAFPID-0020 | — | ||
| Unresolved product id: CSAFPID-0021 | — | ||
| Unresolved product id: CSAFPID-0023 | — | ||
| Unresolved product id: CSAFPID-0024 | — | ||
| Unresolved product id: CSAFPID-0025 | — | ||
| Unresolved product id: CSAFPID-0026 | — | ||
| Unresolved product id: CSAFPID-0027 | — | ||
| Unresolved product id: CSAFPID-0028 | — | ||
| Unresolved product id: CSAFPID-0029 | — | ||
| Unresolved product id: CSAFPID-0030 | — | ||
| Unresolved product id: CSAFPID-0031 | — | ||
| Unresolved product id: CSAFPID-0032 | — | ||
| Unresolved product id: CSAFPID-0033 | — |
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-0001 | — | ||
| Unresolved product id: CSAFPID-0004 | — | ||
| Unresolved product id: CSAFPID-0005 | — | ||
| Unresolved product id: CSAFPID-0006 | — | ||
| Unresolved product id: CSAFPID-0007 | — | ||
| Unresolved product id: CSAFPID-0008 | — | ||
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — | ||
| Unresolved product id: CSAFPID-0011 | — | ||
| Unresolved product id: CSAFPID-0012 | — | ||
| Unresolved product id: CSAFPID-0013 | — | ||
| Unresolved product id: CSAFPID-0014 | — | ||
| Unresolved product id: CSAFPID-0015 | — | ||
| Unresolved product id: CSAFPID-0016 | — | ||
| Unresolved product id: CSAFPID-0017 | — |
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2024-012/ | self |
| https://ifm.csaf-tp.certvde.com/.well-known/csaf/… | self |
| https://www.ifm.com | external |
| https://certvde.com/en/advisories/vendor/ifm/ | external |
Acknowledgments
CERT@VDE
certvde.com
Dragos
Logan Carpenter
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Logan Carpenter"
],
"organization": "Dragos",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.",
"title": "Summary"
},
{
"category": "description",
"text": "Please see the CVE description.",
"title": "Impact"
},
{
"category": "description",
"text": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to Firmware Version 6.1.8 or later.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@ifm.com",
"name": "ifm electronic GmbH",
"namespace": "https://www.ifm.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-012: ifm: Vulnerabilities in ifm AC14 firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-012/"
},
{
"category": "self",
"summary": "VDE-2024-012: ifm: Vulnerabilities in ifm AC14 firmware - CSAF",
"url": "https://ifm.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-012.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.ifm.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for ifm electronic GmbH",
"url": "https://certvde.com/en/advisories/vendor/ifm/"
}
],
"title": "ifm: Vulnerabilities in ifm AC14 firmware",
"tracking": {
"aliases": [
"VDE-2024-012"
],
"current_release_date": "2026-01-15T11:00:00.000Z",
"generator": {
"date": "2026-01-30T08:26:37.355Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.42"
}
},
"id": "VDE-2024-012",
"initial_release_date": "2024-07-09T07:00:00.000Z",
"revision_history": [
{
"date": "2024-07-09T07:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2025-08-27T10:00:00.000Z",
"number": "1.1.0",
"summary": "Update: CWE from CVE-2024-28751, Revision History"
},
{
"date": "2026-01-06T11:00:00.000Z",
"number": "2.0.0",
"summary": "Fixed Version range, Added Score to Vulnerability CVE-2024-28750, deleted \"firmware\" from the full product name of the hardware, changed Vulnerability title to CVE description"
},
{
"date": "2026-01-15T11:00:00.000Z",
"number": "3.0.0",
"summary": "Update Product information"
}
],
"status": "final",
"version": "3.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Smart PLC AC1401",
"product": {
"name": "Smart PLC AC1401",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1401:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC402s ",
"product": {
"name": "Smart PLC AC402s ",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac402s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1402",
"product": {
"name": "Smart PLC AC1402",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1402:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1403",
"product": {
"name": "Smart PLC AC1403",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1403:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1404",
"product": {
"name": "Smart PLC AC1404",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1411",
"product": {
"name": "Smart PLC AC1411",
"product_id": "CSAFPID-32006",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac14011:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1412",
"product": {
"name": "Smart PLC AC1412",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1412:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1421",
"product": {
"name": "Smart PLC AC1421",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1421:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1422",
"product": {
"name": "Smart PLC AC1421",
"product_id": "CSAFPID-32009",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1422:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1423",
"product": {
"name": "Smart PLC AC1423",
"product_id": "CSAFPID-32010",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1423:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1424",
"product": {
"name": "Smart PLC AC1424",
"product_id": "CSAFPID-32011",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1424:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1433",
"product": {
"name": "Smart PLC AC1433",
"product_id": "CSAFPID-32012",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1433:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1434",
"product": {
"name": "Smart PLC AC1434",
"product_id": "CSAFPID-32013",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1434:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC422s ",
"product": {
"name": "Smart PLC AC422s ",
"product_id": "CSAFPID-32014",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac422s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC424s ",
"product": {
"name": "Smart PLC AC424s ",
"product_id": "CSAFPID-32015",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac424s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC432s ",
"product": {
"name": "Smart PLC AC432s ",
"product_id": "CSAFPID-32016",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac432s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC434s ",
"product": {
"name": "Smart PLC AC434s ",
"product_id": "CSAFPID-32017",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac434s:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c=4.3.17",
"product": {
"name": "Firmware \u003c=V4.3.17",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "6.1.8",
"product": {
"name": "Firmware 6.1.8",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:ifm_electronic:ac_firmware:6.1.8:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "ifm"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1401",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC402s ",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1401",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC402s ",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1412",
"product_id": "CSAFPID-0001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1402",
"product_id": "CSAFPID-0004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1403",
"product_id": "CSAFPID-0005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1404",
"product_id": "CSAFPID-0006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1412",
"product_id": "CSAFPID-0008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1423",
"product_id": "CSAFPID-0009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1424",
"product_id": "CSAFPID-0010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1433",
"product_id": "CSAFPID-0011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1434",
"product_id": "CSAFPID-0012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC422s ",
"product_id": "CSAFPID-0013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC424s ",
"product_id": "CSAFPID-0014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC434s ",
"product_id": "CSAFPID-0015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC432s ",
"product_id": "CSAFPID-0016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1402",
"product_id": "CSAFPID-0018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1403",
"product_id": "CSAFPID-0019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1404",
"product_id": "CSAFPID-0020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1423",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1424",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1433",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1434",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC422s ",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC424s ",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC432s ",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC434s ",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32017"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28751",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. \n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28751"
},
{
"cve": "CVE-2024-28750",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a deleting file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28750"
},
{
"cve": "CVE-2024-28749",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a writing file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28749"
},
{
"cve": "CVE-2024-28748",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a reading file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28748"
},
{
"cve": "CVE-2024-28747",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28747"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.