Vulnerability Description
An unrestricted upload of file with dangerous type vulnerability in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file.
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/
- https://www.corporate.carrier.com/product-security/advisories-resources/
FAQ
What is CVE-2024-8525?
CVE-2024-8525 is a documented vulnerability. An unrestricted upload of file with dangerous type vulnerability in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file.
How severe is CVE-2024-8525?
CVSS scoring is not yet available for CVE-2024-8525. Check NVD for updates.
Is there a patch for CVE-2024-8525?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.