CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41974 – WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41974
A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41973 – WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices
https://notcve.org/view.php?id=CVE-2024-41973
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-35: Path Traversal: '.../ •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41972 – WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41972
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-35: Path Traversal: '.../ •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41971 – WAGO: Arbitrary File Overwrite in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41971
A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-41970 – WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41970
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •