CVE-2024-47904

Summary

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
SiemensInterMesh 7177 Hybrid 2.0 Subscriber0 < V8.2.12affected
SiemensInterMesh 7707 Fire Subscriber0 < V7.2.12affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References