CVE-2024-6596 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDE	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
endress\+hauser	echo_curve_viewer_firmware	𝑥 ≤ 5.2.2.6
endress\+hauser	fieldcare_sfe500_package_usb_firmware	𝑥 ≤ 1.40.00.7448
endress\+hauser	fieldcare_sfe500_package_web-package_firmware	𝑥 ≤ 1.40.00.7448
endress\+hauser	field_xpert_smt70_firmware	𝑥 ≤ SMT70_Win10_LTSC_21H2_v1.07.00_RC02_01
endress\+hauser	field_xpert_smt50_firmware	𝑥 ≤ SMT50_Win10_LTSC_21H2_v1.07.00_RC02_03
endress\+hauser	field_xpert_smt77_firmware	𝑥 ≤ SMT77_Win10_SAC_22H2_v1.08.04_RC03_02
endress\+hauser	field_xpert_smt79_firmware	𝑥 ≤ 1.08.02-1.8.8684.34292
endress	echo_curve_viewer	𝑥 < 6.0.0
endress	fieldcare_sfe500_package	𝑥 < 1.40.1
endress	field_xpert_smt79_firmware	-
endress	field_xpert_smt77_firmware	-
endress	field_xpert_smt70_firmware	-
endress	field_xpert_smt50_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

https://cert.vde.com/en/advisories/VDE-2024-041