4.3

CVE-2024-24782

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HimaF30 03x Yy (com) Firmware Version <= 24.14
   HimaF30 03x Yy (com) Version-
HimaF30 03x Yy (cpu) Firmware Version <= 18.6
   HimaF30 03x (cpu) Yy Version-
HimaF35 03x Yy (com) Firmware Version <= 24.14
   HimaF35 03x Yy (com) Version-
HimaF35 03x Yy (cpu) Firmware Version <= 18.6
   HimaF35 03x Yy (cpu) Version-
HimaF60 Cpu 03x Yy (com) Firmware Version <= 24.14
   HimaF60 Cpu 03x Yy (com) Version-
HimaF60 Cpu 03x Yy (cpu) Firmware Version <= 18.6
   HimaF60 Cpu 03x Yy (cpu) Version-
HimaF-com 01 Firmware Version <= 14.12
   HimaF-com 01 Version-
HimaF-cpu 01 Firmware Version <= 14.16
   HimaF-cpu 01 Version-
HimaX-com 01 E Yy Firmware Version <= 15.14
   HimaX-com 01 E Yy Version-
HimaX-com 01 Yy Firmware Version <= 14.12
   HimaX-com 01 Yy Version-
HimaX-cpu 01 Firmware Version <= 14.16
   HimaX-cpu 01 Version-
HimaX-cpu 31 Firmware Version <= 14.16
   HimaX-cpu 31 Version-
HimaX-sb 01 Firmware Version <= 7.54
   HimaX-sb 01 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.089
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 4.3 2.8 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://cert.vde.com/en/advisories/VDE-2024-013
Third Party Advisory
Mitigation