6.8
CVE-2024-22894
- EPSS 3.32%
- Published 30.01.2024 10:15:09
- Last modified 21.11.2024 08:56:45
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.
Data is provided by the National Vulnerability Database (NVD)
Alpha-innotec ≫ Heat Pumps Firmware Version < 2.88.3
Alpha-innotec ≫ Heat Pumps Firmware Version >= 3.0.0 < 3.89.0
Alpha-innotec ≫ Heat Pumps Firmware Version >= 4.0.0 < 4.81.3
Novelan ≫ Heat Pumps Firmware Version < 2.88.3
Novelan ≫ Heat Pumps Firmware Version >= 3.0.0 < 3.89.0
Novelan ≫ Heat Pumps Firmware Version >= 4.0.0 < 4.81.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.32% | 0.867 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.