CVE-2024-47901

CRITICAL EPSS 65.6%

Published Oct 23, 20241y ago · Modified Jun 17, 20261w ago

10.0 CVSS 4.0

Critical

Published Oct 23, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

CVSS Details

Base Score

10.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

65.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 4

Vendor	Product	Version	Range
siemens	intermesh_7177_hybrid_2.0_subscriber	*	<8.2.12
siemens	intermesh_7177_hybrid_2.0_subscriber	*	any
siemens	intermesh_7707_fire_subscriber_firmware	*	<7.2.12
siemens	intermesh_7707_fire_subscriber	*	any

References 1

cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-333468.html

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.