CVE-2024-8525

Nov. 21, 2024, 4:15 p.m.

None
No Score

Description

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file.

Product(s) Impacted

Product Versions
Automated Logic WebCTRL
  • 7.0

Weaknesses

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://www.cisa.gov/news-events/ics-advisories/
https://www.corporate.carrier.com/product-security/advisories-resources/

Tags

CWE-434
productsecurity@carrier.com
2024-11-21
CVE-2024-8525

Date

  • Published: Nov. 21, 2024, 4:15 p.m.
  • Last Modified: Nov. 21, 2024, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productsecurity@carrier.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.