6.8
CVE-2024-22894
- EPSS 0.73%
- Veröffentlicht 30.01.2024 10:15:09
- Zuletzt bearbeitet 21.11.2024 08:56:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alpha-innotec ≫ Heat Pumps Firmware Version < 2.88.3
Alpha-innotec ≫ Heat Pumps Firmware Version >= 3.0.0 < 3.89.0
Alpha-innotec ≫ Heat Pumps Firmware Version >= 4.0.0 < 4.81.3
Novelan ≫ Heat Pumps Firmware Version < 2.88.3
Novelan ≫ Heat Pumps Firmware Version >= 3.0.0 < 3.89.0
Novelan ≫ Heat Pumps Firmware Version >= 4.0.0 < 4.81.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.494 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/
https://github.com/Jaarden/CVE-2024-22894