CVE-2024-47902 — HIGH (7.2)

Q: How severe is CVE-2024-47902?

CVE-2024-47902 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47902?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Intermesh 7177 Hybrid 2.0 Subscriber, Siemens Intermesh 7707 Fire Subscriber Firmware, Siemens Intermesh 7707 Fire Subscriber.

Vulnerability Description

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Intermesh 7177 Hybrid 2.0 Subscriber	< 8.2.12
Siemens	Intermesh 7707 Fire Subscriber Firmware	< 7.2.12
Siemens	Intermesh 7707 Fire Subscriber	-

Related Weaknesses (CWE)

CWE-306

References

https://cert-portal.siemens.com/productcert/html/ssa-333468.htmlVendor Advisory

FAQ

What is CVE-2024-47902?

CVE-2024-47902 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which ...

How severe is CVE-2024-47902?

CVE-2024-47902 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47902?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Intermesh 7177 Hybrid 2.0 Subscriber, Siemens Intermesh 7707 Fire Subscriber Firmware, Siemens Intermesh 7707 Fire Subscriber.