9.8
CVE-2024-6422
- EPSS 1.86%
- Veröffentlicht 10.07.2024 08:15:11
- Zuletzt bearbeitet 21.11.2024 09:49:37
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginPepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pepperl-fuchs ≫ Oit700-f113-b12-cb Firmware Version <= 2.11.0
Pepperl-fuchs ≫ Oit500-f113-b12-cb Firmware Version <= 2.11.0
Pepperl-fuchs ≫ Oit200-f113-b12-cb Firmware Version <= 2.11.0
Pepperl-fuchs ≫ Oit1500-f113-b12-cb Firmware Version <= 2.11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.826 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.