VDE-2024-028
Vulnerability from csaf_ifmelectronicgmbh - Published: 2024-05-06 10:00 - Updated: 2026-01-15 11:00
Summary
ifm moneo password reset can be exploited
Notes
Summary: The moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.
Impact: In a moneo appliance with no mail server configured, an unauthorized attacker can reset a password to the new-user default value.
Mitigation: The correct configuration of a mail server prevents the exploitation of the vulnerability.
Remediation: Update to moneo version 1.13.5 or later.
General Recommendation: When using automation components, make sure that no unauthorized access can take place. In addition, measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
Disclaimer: THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. IFM RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of ifm products.
An unauthenticated remote attacker can change the admin password in a moneo appliance due to a weak password recovery mechanism.
CVSS v3.1 base score: 9.8 (Critical)
Mitigation
Update to moneo version 1.13.5 or later.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "moneo \\\"Forgot Password\\\" function has a vulnerability which allows gaining privileged access.",
"title": "Summary"
},
{
"category": "description",
"text": "In a moneo appliance with no mailserver configured, an unauthorized attacker can reset a password to the new user default value.",
"title": "Impact"
},
{
"category": "description",
"text": "The correct configuration of a mail server prevents the exploitation of the vulnerability.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to moneo version 1.13.5 or later.",
"title": "Remediation"
},
{
"category": "general",
"text": "When using automation components, make sure that no unauthorized access can take place. In addition, measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.",
"title": "General Recommendation"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \\\"AS IS\\\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. IFM RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of ifm products.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@ifm.com",
"name": "ifm electronic GmbH",
"namespace": "https://www.ifm.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-028: ifm moneo password reset can be exploited - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-028"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for ifm products",
"url": "https://certvde.com/en/advisories/vendor/ifm/"
},
{
"category": "self",
"summary": "VDE-2024-028: ifm moneo password reset can be exploited - CSAF",
"url": "https://ifm.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-028.json"
}
],
"title": "ifm moneo password reset can be exploited",
"tracking": {
"aliases": [
"VDE-2024-028"
],
"current_release_date": "2026-01-15T11:00:00.000Z",
"generator": {
"date": "2026-01-30T08:32:05.707Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.42"
}
},
"id": "VDE-2024-028",
"initial_release_date": "2024-05-06T10:00:00.000Z",
"revision_history": [
{
"date": "2024-05-06T10:00:00.000Z",
"number": "1.0.0",
"summary": "initial revision"
},
{
"date": "2024-05-24T10:00:00.000Z",
"number": "2.0.0",
"summary": "final draft"
},
{
"date": "2024-05-27T10:00:00.000Z",
"number": "3.0.0",
"summary": "Update"
},
{
"date": "2024-06-03T09:00:00.000Z",
"number": "4.0.0",
"summary": "Update after review"
},
{
"date": "2024-10-30T11:00:00.000Z",
"number": "5.0.0",
"summary": "no security relevant changes\nchanged URLs from cert-vde.com to certvde.com\nrevamped product tree"
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "6.0.0",
"summary": "Fix: added self-reference"
},
{
"date": "2025-01-28T11:00:00.000Z",
"number": "7.0.0",
"summary": "Update: changed affected products group"
},
{
"date": "2025-02-03T11:00:00.000Z",
"number": "8.0.0",
"summary": "fix TLP to white"
},
{
"date": "2025-02-28T11:00:00.000Z",
"number": "9.0.0",
"summary": "fixed: \n * initial release date\n * spacing in version ranges\n * reference category"
},
{
"date": "2026-01-06T11:00:00.000Z",
"number": "10.0.0",
"summary": "changed Windows form product name to product family and fixed the version range, added CPEs"
},
{
"date": "2026-01-15T11:00:00.000Z",
"number": "11.0.0",
"summary": "add cpe product identifier to Hardware and Software"
}
],
"status": "final",
"version": "11.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "QVA200",
"product": {
"name": "QVA200",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:qha200:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "QHA210",
"product": {
"name": "QHA210",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:qha210:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "QHA300",
"product": {
"name": "QHA300",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:ifm_electronic:qha300:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c1.13.5",
"product": {
"name": "moneo \u003c1.13.5",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "1.13.5",
"product": {
"name": "moneo 1.13.5",
"product_id": "CSAFPID-52001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ifm_electronic:moneo:1.13.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "moneo"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "ifm electronic GmbH"
},
{
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Windows ",
"product": {
"name": "Microsoft Windows",
"product_id": "CSAFPID-90001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "OS"
}
],
"category": "vendor",
"name": "Microsoft "
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-3101",
"CSAFPID-3102",
"CSAFPID-3103",
"CSAFPID-3104"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0003",
"product_ids": [
"CSAFPID-3201",
"CSAFPID-3202",
"CSAFPID-3203",
"CSAFPID-3204"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "moneo \u003c1.13.5 installed on QVA200",
"product_id": "CSAFPID-3101"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo \u003c1.13.5 installed on QHA210",
"product_id": "CSAFPID-3102"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo \u003c1.13.5 installed on QHA300",
"product_id": "CSAFPID-3103"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo 1.13.5 installed on QVA200",
"product_id": "CSAFPID-3201"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo 1.13.5 installed on QHA210",
"product_id": "CSAFPID-3202"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo \u003c1.13.5 installed on Microsoft Windows",
"product_id": "CSAFPID-3104"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-90001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo 1.13.5 installed on Microsoft Windows",
"product_id": "CSAFPID-3204"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-90001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "moneo 1.13.5 installed on QHA300",
"product_id": "CSAFPID-3203"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5404",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-3201",
"CSAFPID-3202",
"CSAFPID-3203",
"CSAFPID-3204"
],
"known_affected": [
"CSAFPID-3101",
"CSAFPID-3102",
"CSAFPID-3103",
"CSAFPID-3104"
]
},
"release_date": "2024-06-03T09:00:00.000Z",
"remediations": [
{
"category": "mitigation",
"date": "2024-06-06T09:00:00.000Z",
"details": "Update to moneo version 1.13.5 or later.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-3101",
"CSAFPID-3102",
"CSAFPID-3103",
"CSAFPID-3104"
]
}
],
"title": "CVE-2024-5404"
}
]
}