Products
TEM Opera Plus FM Family Transmitter
Source
ics-cert@hq.dhs.gov
Tags
CVE-2024-41987 details
Published : Oct. 3, 2024, 6:15 p.m.
Last Modified : Oct. 3, 2024, 6:15 p.m.
Last Modified : Oct. 3, 2024, 6:15 p.m.
Description
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
References
URL | Source |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 | ics-cert@hq.dhs.gov |
This website uses the NVD API, but is not approved or certified by it.