Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-0056 CVE-2024-30045 |
CWE-ID | CWE-254 CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | INTRALOG WMS (Other software / Other software solutions) |
Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU85244
Risk: High
CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0056
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a security feature bypass in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider. A remote attacker can evade the encryption used in a TLS connection.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: INTRALOG WMS: before 4
External links: http://cert-portal.siemens.com/productcert/txt/ssa-417547.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89431
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-30045
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in .NET and Visual Studio. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: INTRALOG WMS: before 4
External links: http://cert-portal.siemens.com/productcert/txt/ssa-417547.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.