6.8

CVE-2024-22894

Exploit

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alpha-innotecHeat Pumps Firmware Version < 2.88.3
   Alpha-innotecHeat Pumps Version-
Alpha-innotecHeat Pumps Firmware Version >= 3.0.0 < 3.89.0
   Alpha-innotecHeat Pumps Version-
Alpha-innotecHeat Pumps Firmware Version >= 4.0.0 < 4.81.3
   Alpha-innotecHeat Pumps Version-
NovelanHeat Pumps Firmware Version < 2.88.3
   NovelanHeat Pumps Version-
NovelanHeat Pumps Firmware Version >= 3.0.0 < 3.89.0
   NovelanHeat Pumps Version-
NovelanHeat Pumps Firmware Version >= 4.0.0 < 4.81.3
   NovelanHeat Pumps Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.32% 0.867
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://github.com/Jaarden/CVE-2024-22894
Third Party Advisory
Exploit