Vulnerability Description
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Intermesh 7177 Hybrid 2.0 Subscriber | < 8.2.12 |
| Siemens | Intermesh 7707 Fire Subscriber Firmware | < 7.2.12 |
| Siemens | Intermesh 7707 Fire Subscriber | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-47901?
CVE-2024-47901 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which ...
How severe is CVE-2024-47901?
CVE-2024-47901 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-47901?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Intermesh 7177 Hybrid 2.0 Subscriber, Siemens Intermesh 7707 Fire Subscriber Firmware, Siemens Intermesh 7707 Fire Subscriber.