9.8критическая
CVE-2024-6596
Описание
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Затрагиваемое ПО
Endress Echo curve viewerEndress Fieldcare sfe500 packageEndress Field xpert smt79 firmwareEndress Field xpert smt79Endress Field xpert smt77 firmwareEndress Field xpert smt77Endress Field xpert smt70 firmwareEndress Field xpert smt70Endress Field xpert smt50 firmwareEndress Field xpert smt50
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://cert.vde.com/en/advisories/VDE-2024-041