VDE-2024-012
Vulnerability from csaf_ifmelectronicgmbh - Published: 2024-07-09 07:00 - Updated: 2026-01-15 11:00
Summary
ifm: Vulnerabilities in ifm AC14 firmware
Notes
Summary: In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a script capable of executing various commands.
Impact: Please see the CVE description.
Mitigation: When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Remediation: Update to Firmware Version 6.1.8 or later.
A highly privileged remote attacker can enable telnet access that accepts hardcoded credentials.
9.1 (Critical)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
A remote attacker with high privileges may use a deleting file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
A remote attacker with high privileges may use a writing file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
A remote attacker with high privileges may use a reading file function to inject OS commands.
7.2 (High)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
9.8 (Critical)
Mitigation
When using automation components, make sure that no unauthorized access can take place. Additional measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Vendor Fix
Update to Firmware Version 6.1.8 or later.
Acknowledgments
CERT@VDE
certvde.com
Dragos
Logan Carpenter
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Logan Carpenter"
],
"organization": "Dragos",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.",
"title": "Summary"
},
{
"category": "description",
"text": "Please see the CVE description.",
"title": "Impact"
},
{
"category": "description",
"text": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to Firmware Version 6.1.8 or later.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@ifm.com",
"name": "ifm electronic GmbH",
"namespace": "https://www.ifm.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-012: ifm: Vulnerabilities in ifm AC14 firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-012/"
},
{
"category": "self",
"summary": "VDE-2024-012: ifm: Vulnerabilities in ifm AC14 firmware - CSAF",
"url": "https://ifm.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-012.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.ifm.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for ifm electronic GmbH",
"url": "https://certvde.com/en/advisories/vendor/ifm/"
}
],
"title": "ifm: Vulnerabilities in ifm AC14 firmware",
"tracking": {
"aliases": [
"VDE-2024-012"
],
"current_release_date": "2026-01-15T11:00:00.000Z",
"generator": {
"date": "2026-01-30T08:26:37.355Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.42"
}
},
"id": "VDE-2024-012",
"initial_release_date": "2024-07-09T07:00:00.000Z",
"revision_history": [
{
"date": "2024-07-09T07:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2025-08-27T10:00:00.000Z",
"number": "1.1.0",
"summary": "Update: CWE from CVE-2024-28751, Revision History"
},
{
"date": "2026-01-06T11:00:00.000Z",
"number": "2.0.0",
"summary": "Fixed Version range, Added Score to Vulnerability CVE-2024-28750, deleted \"firmware\" from the full product name of the hardware, changed Vulnerability title to CVE description"
},
{
"date": "2026-01-15T11:00:00.000Z",
"number": "3.0.0",
"summary": "Update Product information"
}
],
"status": "final",
"version": "3.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Smart PLC AC1401",
"product": {
"name": "Smart PLC AC1401",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1401:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC402s ",
"product": {
"name": "Smart PLC AC402s ",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac402s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1402",
"product": {
"name": "Smart PLC AC1402",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1402:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1403",
"product": {
"name": "Smart PLC AC1403",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1403:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1404",
"product": {
"name": "Smart PLC AC1404",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1411",
"product": {
"name": "Smart PLC AC1411",
"product_id": "CSAFPID-32006",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac14011:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1412",
"product": {
"name": "Smart PLC AC1412",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1412:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1421",
"product": {
"name": "Smart PLC AC1421",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1421:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1422",
"product": {
"name": "Smart PLC AC1421",
"product_id": "CSAFPID-32009",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1422:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1423",
"product": {
"name": "Smart PLC AC1423",
"product_id": "CSAFPID-32010",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1423:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1424",
"product": {
"name": "Smart PLC AC1424",
"product_id": "CSAFPID-32011",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1424:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1433",
"product": {
"name": "Smart PLC AC1433",
"product_id": "CSAFPID-32012",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1433:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC1434",
"product": {
"name": "Smart PLC AC1434",
"product_id": "CSAFPID-32013",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac1434:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC422s ",
"product": {
"name": "Smart PLC AC422s ",
"product_id": "CSAFPID-32014",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac422s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC424s ",
"product": {
"name": "Smart PLC AC424s ",
"product_id": "CSAFPID-32015",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac424s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC432s ",
"product": {
"name": "Smart PLC AC432s ",
"product_id": "CSAFPID-32016",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac432s:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "Smart PLC AC434s ",
"product": {
"name": "Smart PLC AC434s ",
"product_id": "CSAFPID-32017",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:ac434s:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c=4.3.17",
"product": {
"name": "Firmware \u003c=V4.3.17",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "6.1.8",
"product": {
"name": "Firmware 6.1.8",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:ifm_electronic:ac_firmware:6.1.8:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "ifm"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1401",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC402s ",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1401",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC402s ",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1412",
"product_id": "CSAFPID-0001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1402",
"product_id": "CSAFPID-0004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1403",
"product_id": "CSAFPID-0005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1404",
"product_id": "CSAFPID-0006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1412",
"product_id": "CSAFPID-0008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1423",
"product_id": "CSAFPID-0009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1424",
"product_id": "CSAFPID-0010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1433",
"product_id": "CSAFPID-0011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1434",
"product_id": "CSAFPID-0012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC422s ",
"product_id": "CSAFPID-0013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC424s ",
"product_id": "CSAFPID-0014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC434s ",
"product_id": "CSAFPID-0015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC432s ",
"product_id": "CSAFPID-0016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.3.17 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-32008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1402",
"product_id": "CSAFPID-0018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1403",
"product_id": "CSAFPID-0019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1404",
"product_id": "CSAFPID-0020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1411",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1421",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1423",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1424",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1433",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC1434",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC422s ",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC424s ",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC432s ",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 6.1.8 installed on Smart PLC AC434s ",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-32017"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28751",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. \n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28751"
},
{
"cve": "CVE-2024-28750",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a deleting file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28750"
},
{
"cve": "CVE-2024-28749",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a writing file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28749"
},
{
"cve": "CVE-2024-28748",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A remote attacker with high privileges may use a reading file function to inject OS commands.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28748"
},
{
"cve": "CVE-2024-28747",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.\n",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "When using automation components, make sure that no unauthorized access can take place. Addition measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to Firmware Version 6.1.8 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-0001",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017"
]
}
],
"title": "CVE-2024-28747"
}
]
}