CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2024-46887 (GCVE-0-2024-46887)
Vulnerability from cvelistv5 – Published: 2024-10-08 08:40 – Updated: 2025-10-21 14:12- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:51:56.485006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:12:27.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1504D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1507D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1514SP F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1514SP-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1514SPT F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1514SPT-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511T-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511T-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513pro F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513pro-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515T-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515T-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516pro F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516pro-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518T-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1507S F V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1507S F V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1507S V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1507S V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S F V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S F V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S T V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S TF V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller CPU 1508S V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller Linux V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller Linux V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V31.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server of affected devices do not properly authenticate user request to the \u0027/ClientArea/RuntimeInfoData.mwsl\u0027 endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:06.254Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-054046.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-46887",
"datePublished": "2024-10-08T08:40:43.510Z",
"dateReserved": "2024-09-12T07:44:52.468Z",
"dateUpdated": "2025-10-21T14:12:27.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43692 (GCVE-0-2024-43692)
Vulnerability from cvelistv5 – Published: 2024-09-24 23:46 – Updated: 2024-09-25 17:00| Vendor | Product | Version | |
|---|---|---|---|
| Dover Fueling Solutions (DFS) | ProGauge MAGLINK LX CONSOLE |
Affected:
0 , ≤ 3.4.2.2.6
(custom)
|
|
| Dover Fueling Solutions (DFS) | ProGauge MAGLINK LX4 CONSOLE |
Affected:
0 , ≤ 4.17.9e
(custom)
|
|
| doverfuelingsolutions | maglink_lx_console |
Affected:
0 , ≤ 3.4.2.2.6
(custom)
cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:* |
|
| doverfuelingsolutions | maglink_lx4_console |
Affected:
0 , ≤ 4.17.9e
(custom)
cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "maglink_lx_console",
"vendor": "doverfuelingsolutions",
"versions": [
{
"lessThanOrEqual": "3.4.2.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "maglink_lx4_console",
"vendor": "doverfuelingsolutions",
"versions": [
{
"lessThanOrEqual": "4.17.9e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:59:20.584214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:00:19.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MAGLINK LX CONSOLE",
"vendor": "Dover Fueling Solutions (DFS)",
"versions": [
{
"lessThanOrEqual": "3.4.2.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MAGLINK LX4 CONSOLE",
"vendor": "Dover Fueling Solutions (DFS)",
"versions": [
{
"lessThanOrEqual": "4.17.9e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can directly request the ProGauge MAGLINK LX CONSOLE \nresource sub page with full privileges by requesting the URL directly."
}
],
"value": "An attacker can directly request the ProGauge MAGLINK LX CONSOLE \nresource sub page with full privileges by requesting the URL directly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T23:46:12.640Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS\u0027s\n authorized service organizations in North America. North American users\n can reach DFS\u0027s customer support team by telephone at 877-679-8324.\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS\u0027s\n authorized service organizations in North America. North American users\n can reach DFS\u0027s customer support team by telephone at 877-679-8324."
}
],
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDFS strongly encourages users of MagLink products to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall MagLink consoles behind firewalls for security.\u003c/li\u003e\n\u003cli\u003eMonitor and install updates on a timely basis.\u003c/li\u003e\n\u003cli\u003eContact DFS customer support with any questions about operations or updates of MagLink software.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAlternatively, MagLink may operate offfline or disconnected from a network.\u003c/p\u003e\n\u003cp\u003eRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-43692",
"datePublished": "2024-09-24T23:46:12.640Z",
"dateReserved": "2024-09-05T20:11:00.318Z",
"dateUpdated": "2024-09-25T17:00:19.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43234 (GCVE-0-2024-43234)
Vulnerability from cvelistv5 – Published: 2024-12-16 15:36 – Updated: 2026-04-29 09:51- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Theme/w… | vdb-entry |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T18:10:16.276628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T18:10:25.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woffice",
"product": "Woffice",
"vendor": "WofficeIO",
"versions": [
{
"changes": [
{
"at": "5.4.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.4.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:09.359Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.\u003cp\u003eThis issue affects Woffice: from n/a through \u003c= 5.4.14.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through \u003c= 5.4.14."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:53.076Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve"
}
],
"title": "WordPress Woffice theme \u003c= 5.4.14 - Unauthenticated Account Takeover vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43234",
"datePublished": "2024-12-16T15:36:22.166Z",
"dateReserved": "2024-08-09T09:20:16.409Z",
"dateUpdated": "2026-04-29T09:51:53.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42178 (GCVE-0-2024-42178)
Vulnerability from cvelistv5 – Published: 2025-04-17 21:24 – Updated: 2025-04-18 12:02- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL MyXalytics |
Affected:
6.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:46:26.272738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:02:16.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL MyXalytics",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2025-04-17T21:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.\u003cbr\u003e"
}
],
"value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T21:24:34.799Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120502"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42178",
"datePublished": "2025-04-17T21:24:34.185Z",
"dateReserved": "2024-07-29T21:32:05.157Z",
"dateUpdated": "2025-04-18T12:02:16.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41173 (GCVE-0-2024-41173)
Vulnerability from cvelistv5 – Published: 2024-08-27 08:00 – Updated: 2024-08-27 13:07- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Beckhoff | IPC Diagnostics package |
Affected:
0 , < 2.0.0.1
(semver)
|
|
| Beckhoff | TwinCAT/BSD |
Affected:
0 , < 14.1.2.0
(semver)
|
|
| beckhoff | twincat\/bsd |
Affected:
0 , < 2.0.0.1
(semver)
cpe:2.3:o:beckhoff:twincat\/bsd:-:*:*:*:*:*:*:* |
|
| beckhoff | twincat\/bsd |
Affected:
0 , < 14.1.2.0
(semver)
cpe:2.3:o:beckhoff:twincat\/bsd:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "twincat\\/bsd",
"vendor": "beckhoff",
"versions": [
{
"lessThan": "2.0.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "twincat\\/bsd",
"vendor": "beckhoff",
"versions": [
{
"lessThan": "14.1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:04:08.003597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:07:46.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC Diagnostics package",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "2.0.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TwinCAT/BSD",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "14.1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
}
],
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T08:00:47.054Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-045"
}
],
"source": {
"advisory": "VDE-2024-045",
"defect": [
"CERT@VDE#641666"
],
"discovery": "UNKNOWN"
},
"title": "Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41173",
"datePublished": "2024-08-27T08:00:47.054Z",
"dateReserved": "2024-07-17T13:42:44.525Z",
"dateUpdated": "2024-08-27T13:07:46.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39309 (GCVE-0-2024-39309)
Vulnerability from cvelistv5 – Published: 2024-07-01 21:15 – Updated: 2024-08-02 04:19| URL | Tags |
|---|---|
| https://github.com/parse-community/parse-server/s… | x_refsource_CONFIRM |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| parse-community | parse-server |
Affected:
< 6.5.7
Affected: >= 7.0.0, < 7.1.0 |
|
| parse_community | parse_server |
Affected:
6.5.7
Affected: 7.0.0 Affected: 7.1.0 cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "parse_server",
"vendor": "parse_community",
"versions": [
{
"status": "affected",
"version": "6.5.7"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:29:00.388525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:32:40.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9167",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/pull/9167"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9168",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/pull/9168"
},
{
"name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
},
{
"name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5.7"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T21:15:26.242Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9167",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/9167"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/9168"
},
{
"name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
},
{
"name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
}
],
"source": {
"advisory": "GHSA-c2hr-cqg6-8j6r",
"discovery": "UNKNOWN"
},
"title": "ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39309",
"datePublished": "2024-07-01T21:15:26.242Z",
"dateReserved": "2024-06-21T18:15:22.260Z",
"dateUpdated": "2024-08-02T04:19:20.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38437 (GCVE-0-2024-38437)
Vulnerability from cvelistv5 – Published: 2024-07-21 07:17 – Updated: 2024-08-02 04:12- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:34:54.288682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:35:11.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-225",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "version BZ_1.00.16",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hai Vaknin, Yehuda Smirnov"
}
],
"datePublic": "2024-07-18T07:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eD-Link \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-288:Authentication Bypass Using an Alternate Path or Channel\u003c/span\u003e\n\n\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\n\n\u003c/p\u003e\n\n\u003c/span\u003e"
}
],
"value": "D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-21T07:17:40.752Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product is EOL. The Vendor recommends these devices be retired and replaced.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product is EOL. The Vendor recommends these devices be retired and replaced."
}
],
"source": {
"advisory": "ILVN-2024-0175",
"discovery": "UNKNOWN"
},
"title": "D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-38437",
"datePublished": "2024-07-21T07:17:40.752Z",
"dateReserved": "2024-06-16T08:00:52.286Z",
"dateUpdated": "2024-08-02T04:12:24.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38279 (GCVE-0-2024-38279)
Vulnerability from cvelistv5 – Published: 2024-06-13 17:00 – Updated: 2024-08-02 04:04- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Motorola Solutions | Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Affected:
0 , ≤ 3.1.171.9
(custom)
|
|
| motorolasolutions | vigilant_fixed_lpr_coms_box_bcav1f2_c600 |
Affected:
0 , ≤ 3.1.171.9
(custom)
cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vigilant_fixed_lpr_coms_box_bcav1f2_c600",
"vendor": "motorolasolutions",
"versions": [
{
"lessThanOrEqual": "3.1.171.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T18:21:36.318296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T18:30:17.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"vendor": "Motorola Solutions",
"versions": [
{
"lessThanOrEqual": "3.1.171.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eThe affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T17:00:20.515Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cbr\u003e\n\n\u003cp\u003eMotorola Solutions recommends the following for each identified vulnerability:\u003c/p\u003e\u003cp\u003eCVE-2024-38279:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUse secure boot implementation with an edit-resistant GRUB partition.\u003c/li\u003e\u003cli\u003eAdditional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\u003cbr\u003ewill release a secure boot implementation in Fall 2024. All customers will receive the update\u003cbr\u003ethrough OTA (over the air) mechanisms. No further actions are required by customers.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\nCVE-2024-38279:\n\n * Use secure boot implementation with an edit-resistant GRUB partition.\n * Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\n\n\nEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\nwill release a secure boot implementation in Fall 2024. All customers will receive the update\nthrough OTA (over the air) mechanisms. No further actions are required by customers."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-38279",
"datePublished": "2024-06-13T17:00:20.515Z",
"dateReserved": "2024-06-12T16:16:09.648Z",
"dateUpdated": "2024-08-02T04:04:25.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37893 (GCVE-0-2024-37893)
Vulnerability from cvelistv5 – Published: 2024-06-17 19:39 – Updated: 2024-08-02 03:57| URL | Tags |
|---|---|
| https://github.com/firefly-iii/firefly-iii/securi… | x_refsource_CONFIRM |
| https://owasp.org/www-community/attacks/Password_… | x_refsource_MISC |
| https://www.menlosecurity.com/what-is/highly-evas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| firefly-iii | firefly-iii |
Affected:
< 6.1.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T19:20:53.573120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:21:00.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
},
{
"name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
},
{
"name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firefly-iii",
"vendor": "firefly-iii",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:39:32.438Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
},
{
"name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
},
{
"name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
}
],
"source": {
"advisory": "GHSA-4gm4-c4mh-4p7w",
"discovery": "UNKNOWN"
},
"title": "MFA bypass in oauth flow in Firefly III"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37893",
"datePublished": "2024-06-17T19:39:32.438Z",
"dateReserved": "2024-06-10T19:54:41.361Z",
"dateUpdated": "2024-08-02T03:57:39.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35214 (GCVE-0-2024-35214)
Vulnerability from cvelistv5 – Published: 2024-08-20 17:24 – Updated: 2024-09-29 05:02| Vendor | Product | Version | |
|---|---|---|---|
| BlackBerry | CylanceOPTICS for Windows |
Affected:
3.2 and 3.3
|
|
| blackberry | cylanceoptics |
Affected:
3.2
Affected: 3.3 cpe:2.3:a:blackberry:cylanceoptics:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blackberry:cylanceoptics:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cylanceoptics",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T20:04:49.459656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:09:41.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-29T05:02:37.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Windows Installer Package"
],
"platforms": [
"Windows"
],
"product": "CylanceOPTICS for Windows",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "3.2 and 3.3"
}
]
}
],
"datePublic": "2024-08-20T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etampering\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability in the\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Cylance\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
}
],
"value": "A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T17:24:53.815Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140080"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35214",
"datePublished": "2024-08-20T17:24:53.815Z",
"dateReserved": "2024-05-13T21:20:04.327Z",
"dateUpdated": "2024-09-29T05:02:37.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.