VDE-2024-018

Vulnerability from csaf_wiesemanntheisgmbh - Published: 2024-02-28 07:00 - Updated: 2025-05-14 12:36
Summary
Wiesemann & Theis: Multiple products prone to unquoted search path
Notes
Summary: Multiple Wiesemann & Theis software products are affected by an unquoted search path vulnerability in the Windows registry. A local attacker can execute arbitrary code and gain administrative privileges by placing an executable file in the search path of the affected product. Update A, 07.03.2024: incorrect version numbers have been corrected.
Impact: A local attacker can execute arbitrary code through the affected products and gain administrative privileges by inserting an executable file in a specific path.
Remediation: Update Com Redirector Legacy to version 3.94 or higher (Art.No. 00102); update Com Redirector PnP to version 4.43 or higher (Art.No. 00111); update OPC-Server to version 4.89 or higher (Art.No. 00103).

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.

CWE-428 - Unquoted Search Path or Element
Vendor Fix: Update Com Redirector Legacy to version 3.94 or higher (Art.No. 00102); update Com Redirector PnP to version 4.43 or higher (Art.No. 00111); update OPC-Server to version 4.89 or higher (Art.No. 00103).
Acknowledgments
CERT@VDE

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple Wiesemann \u0026 Theis software products are affected by a vulnerability through an unquoted search path in the Windows registry. A local attacker can execute arbitrary code and gain administrative privileges by inserting an executable file in the path of the affected product.\n\nUpdate A, 07.03.2024\n\nIncorrect version numbers have been corrected.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "A local attacker can execute arbitrary code through the affected products and gain administrative privileges by inserting an executable file in a specific path.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Remediation\n\n- Update Com Redirector Legacy external link to version 3.94 or higher (Art.No. 00102)\n- Update Com Redirector PnP external link to version 4.43 or higher (Art.No. 00111)\n- Update OPC-Server external link to version 4.89 or higher (Art.No. 00103)",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@wut.de",
      "name": "Wiesemann \u0026 Theis GmbH",
      "namespace": "https://www.wut.de"
    },
    "references": [
      {
        "category": "external",
        "summary": "Wiesemann \u0026 Theis PSIRT ",
        "url": "https://www.wut.de"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Wiesemann \u0026 Theis GmbH",
        "url": "https://certvde.com/en/advisories/vendor/wut/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-018: Wiesemann \u0026 Theis: Multiple products prone to unquoted search path - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-018/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-018: Wiesemann \u0026 Theis: Multiple products prone to unquoted search path - CSAF",
        "url": "https://wut.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-018.json"
      }
    ],
    "title": "Wiesemann \u0026 Theis: Multiple products prone to unquoted search path",
    "tracking": {
      "aliases": [
        "VDE-2024-018"
      ],
      "current_release_date": "2025-05-14T12:36:39.000Z",
      "generator": {
        "date": "2025-03-12T12:59:06.509Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.20"
        }
      },
      "id": "VDE-2024-018",
      "initial_release_date": "2024-02-28T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-02-28T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-03-07T08:50:00.000Z",
          "number": "2",
          "summary": "Update A"
        },
        {
          "date": "2025-05-14T12:36:39.000Z",
          "number": "3",
          "summary": "Fix: reference category, added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=3.93",
                    "product": {
                      "name": "Com Redirector Legacy \u003c=3.93",
                      "product_id": "CSAFPID-51001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "00102"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.94",
                    "product": {
                      "name": "Com Redirector Legacy 3.94",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com Redirector Legacy"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=4.42",
                    "product": {
                      "name": "Com Redirector PnP \u003c=4.42",
                      "product_id": "CSAFPID-51002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "00111"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.43",
                    "product": {
                      "name": "Com Redirector PnP 4.43",
                      "product_id": "CSAFPID-52002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Com Redirector PnP"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=4.88",
                    "product": {
                      "name": "OPC-Server \u003c=4.88",
                      "product_id": "CSAFPID-51003",
                      "product_identification_helper": {
                        "model_numbers": [
                          "00103"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.89",
                    "product": {
                      "name": "OPC-Server 4.89",
                      "product_id": "CSAFPID-52003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "OPC-Server"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Wiesemann \u0026 Theis"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003"
        ],
        "summary": "Fixed Products"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-25552",
      "cwe": {
        "id": "CWE-428",
        "name": "Unquoted Search Path or Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "- Update Com Redirector Legacy external link to version 3.94 or higher (Art.No. 00102)\n- Update Com Redirector PnP external link to version 4.43 or higher (Art.No. 00111)\n- Update OPC-Server external link to version 4.89 or higher (Art.No. 00103)",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003"
          ]
        }
      ],
      "title": "CVE-2024-25552"
    }
  ]
}

