A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.
History

Wed, 30 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Siemens intermesh 7177 Hybrid 2.0 Subscriber
Siemens intermesh 7707 Fire Subscriber Firmware
CPEs cpe:2.3:h:siemens:intermesh_7177_hybrid_2.0_subscriber:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:intermesh_7707_fire_subscriber:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:intermesh_7177_hybrid_2.0_subscriber:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:intermesh_7707_fire_subscriber_firmware:*:*:*:*:*:*:*:*
Vendors & Products Siemens intermesh 7177 Hybrid 2.0 Subscriber
Siemens intermesh 7707 Fire Subscriber Firmware

Wed, 23 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens intermesh 7177 Hybrid2.0 Subscriber
Siemens intermesh 7707 Fire Subscriber
CPEs cpe:2.3:a:siemens:intermesh_7177_hybrid2.0_subscriber:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:intermesh_7707_fire_subscriber:*:*:*:*:*:*:*:*
Vendors & Products Siemens
Siemens intermesh 7177 Hybrid2.0 Subscriber
Siemens intermesh 7707 Fire Subscriber
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-10-23T14:21:20.501Z

Updated: 2024-10-23T18:16:39.383Z

Reserved: 2024-10-04T16:15:00.392Z

Link: CVE-2024-47902

cve-icon Vulnrichment

Updated: 2024-10-23T18:16:30.484Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T15:15:31.163

Modified: 2024-10-30T15:48:39.207

Link: CVE-2024-47902

cve-icon Redhat

No data.