CVE-2024-50358

Nov. 26, 2024, 11:21 a.m.

7.2
High

Description

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.

Product(s) Impacted

Product Versions
Advantech EKI-6333AC-2G
  • ['<= 1.6.3']
Advantech EKI-6333AC-2GD
  • ['<= 1.6.3']
Advantech EKI-6333AC-1GPO
  • ['<= 1.2.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-15
External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50358

Tags

prodsec@nozominetworks.com
CWE-15
2024-11-26
CVE-2024-50358

CVSS Score

7.2 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Nov. 26, 2024, 11:21 a.m.
Last Modified: Nov. 26, 2024, 11:21 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

prodsec@nozominetworks.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.