CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/	Exploit Third Party Advisory
https://github.com/Jaarden/CVE-2024-22894	Exploit Third Party Advisory
https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/	Exploit Third Party Advisory
https://github.com/Jaarden/CVE-2024-22894	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:alpha-innotec:heat_pumps_firmware::::::::
	cpe:2.3:o:alpha-innotec:heat_pumps_firmware::::::::
	cpe:2.3:o:alpha-innotec:heat_pumps_firmware::::::::

cpe:2.3:h:alpha-innotec:heat_pumps:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:novelan:heat_pumps_firmware::::::::
	cpe:2.3:o:novelan:heat_pumps_firmware::::::::
	cpe:2.3:o:novelan:heat_pumps_firmware::::::::

cpe:2.3:h:novelan:heat_pumps:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-30 10:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-22894

Mitre link : CVE-2024-22894

CVE.ORG link : CVE-2024-22894

JSON object : View

Products Affected

alpha-innotec

heat_pumps
heat_pumps_firmware

novelan

heat_pumps
heat_pumps_firmware

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2024-22894", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-01-30T10:15:09.833", "references": [{"url": "https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Jaarden/CVE-2024-22894", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Jaarden/CVE-2024-22894", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file."}, {"lang": "es", "value": "Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de contrase\u00f1a en el archivo sombra."}], "lastModified": "2024-11-21T08:56:45.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0748DE3E-9C10-4E55-9CE2-2FC142C70AA2", "versionEndExcluding": "2.88.3"}, {"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB21F68-A56D-44F4-9E8F-35FE4F633276", "versionEndExcluding": "3.89.0", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF001062-843A-48C0-BBB1-39EF0169FF04", "versionEndExcluding": "4.81.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alpha-innotec:heat_pumps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D87D8C1B-B1F7-4FC4-B857-5BEEA2A8C74F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDDB466A-0CC1-4C7B-914A-BEC7A3AFA835", "versionEndExcluding": "2.88.3"}, {"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F60C4875-FB5D-41A8-8FCC-EEF050BDE9A3", "versionEndExcluding": "3.89.0", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:o:novelan:heat_pumps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DFEEE56-A799-4CCD-A33B-83A0177FCF71", "versionEndExcluding": "4.81.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:novelan:heat_pumps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80BCEF4F-B08E-4776-94D9-EABA4F3BE412"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}