CVE-2024-47901
moderate-risk
Published 2024-10-23
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Do I need to act?
~
2.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
Intermesh 7177 Hybrid 2.0 Subscriber
Intermesh 7707 Fire Subscriber Firmware
Affected Vendors
References (1)
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-333468.html
46
/ 100
moderate-risk
Severity
33/34 · Critical
Exploitability
6/34 · Minimal
Exposure
7/34 · Low