CVE-2024-2422

EPSS 1.07%
Veröffentlicht 30.05.2024 18:15:09
Zuletzt bearbeitet 02.02.2026 13:13:52
Quelle productsecurity@carrier.com
CVE-Watchlists
Login
Unerledigt
Login

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honeywell ≫ Lenels2 Netbox Version < 5.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.774

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productsecurity@carrier.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

US Government Resource

Vendor Advisory

https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-2422

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2422

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2422

EUVD