CVE-2024-38501

MEDIUM EPSS 22.7%

Published Aug 13, 20241y ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Aug 13, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

22.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 48

Vendor	Product	Version	Range
pepperl-fuchs	icdm-rx\/tcp_socketserver_firmware	*	<11.65
pepperl-fuchs	icdm-rx\/tcp-16db9\/rj45-rm	*	any
pepperl-fuchs	icdm-rx\/tcp-16rj45\/2rj45-pm	*	any
pepperl-fuchs	icdm-rx\/tcp-16rj45\/rj45-rm	*	any
pepperl-fuchs	icdm-rx\/tcp-2db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/tcp-2st\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/tcp-32rj45\/rj45-rm	*	any
pepperl-fuchs	icdm-rx\/tcp-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/tcp-4db9\/2rj45-pm	*	any
pepperl-fuchs	icdm-rx\/tcp-8db9\/2rj45-pm	*	any
pepperl-fuchs	icdm-rx\/tcp-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/tcp-db9\/rj45-pm	*	any
pepperl-fuchs	icdm-rx\/tcp-db9\/rj45-pm2	*	any
pepperl-fuchs	icdm-rx\/tcp-st\/rj45-din	*	any
pepperl-fuchs	profinet_firmware	*	<3.4.9
pepperl-fuchs	icdm-rx\/pn-2db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn-2st\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn-db9\/rj45-pm	*	any
pepperl-fuchs	icdm-rx\/pn-st\/rj45-din	*	any
pepperl-fuchs	profinet\/modbus_firmware	*	<1.0.7
pepperl-fuchs	icdm-rx\/pn1-2db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn1-2st\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn1-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn1-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/pn1-db9\/rj45-pm	*	any
pepperl-fuchs	icdm-rx\/pn1-st\/rj45-din	*	any
pepperl-fuchs	modbus_router_firmware	*	<7.09
pepperl-fuchs	modbus_server_firmware	*	<7.11
pepperl-fuchs	modbus_tcp_firmware	*	<7.11
pepperl-fuchs	icdm-rx\/mod-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/mod-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/mod-st\/rj45-din	*	any
pepperl-fuchs	ethernet\/ip_firmware	*	<7.22
pepperl-fuchs	icdm-rx\/en-2db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en-2st\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/en-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en-db9\/rj45-pm	*	any
pepperl-fuchs	icdm-rx\/en-st\/rj45-din	*	any
pepperl-fuchs	eip\/modbus_firmware	*	<1.08
pepperl-fuchs	icdm-rx\/en1-2db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en1-2st\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en1-4db9\/2rj45-din	*	any
pepperl-fuchs	icdm-rx\/en1-db9\/rj45-din	*	any
pepperl-fuchs	icdm-rx\/en1-db9\/rj45-pm	*	any
pepperl-fuchs	icdm-rx\/en1-st\/rj45-din	*	any

References 1

cert.vde.com https://cert.vde.com/en/advisories/VDE-2024-033

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.