CVE-2024-6596 – Securitricks

216.73.217.22

CVE-2024-6596

· Published 10/09/2024 08:15 · Modified 01/10/2024 12:26

Labels: CVE-2024-6596 2024-09-10 CVE-2024-6596 CWE-94 [email protected]

Essential information

Published: 10/09/2024 08:15
Modified: 01/10/2024 12:26
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
endress / echo curve viewer	`cpe:2.3:a:endress:echo_curve_viewer::::::::`
endress / fieldcare sfe500 package	`cpe:2.3:a:endress:fieldcare_sfe500_package::::::::`
endress / field xpert smt79 firmware	`cpe:2.3:o:endress:field_xpert_smt79_firmware:-:::::::*`
endress / field xpert smt79	`cpe:2.3:h:endress:field_xpert_smt79:-:::::::*`
endress / field xpert smt77 firmware	`cpe:2.3:o:endress:field_xpert_smt77_firmware:-:::::::*`
endress / field xpert smt77	`cpe:2.3:h:endress:field_xpert_smt77:-:::::::*`
endress / field xpert smt70 firmware	`cpe:2.3:o:endress:field_xpert_smt70_firmware:-:::::::*`
endress / field xpert smt70	`cpe:2.3:h:endress:field_xpert_smt70:-:::::::*`
endress / field xpert smt50 firmware	`cpe:2.3:o:endress:field_xpert_smt50_firmware:-:::::::*`
endress / field xpert smt50	`cpe:2.3:h:endress:field_xpert_smt50:-:::::::*`

References