CVE-2024-46603

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.elspec-ltd.com/support/security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:elspec-ltd:g5dfr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elspec-ltd:g5dfr:-:*:*:*:*:*:*:*

History

16 Apr 2025, 15:14

Type	Values Removed	Values Added
First Time		Elspec-ltd g5dfr Firmware Elspec-ltd Elspec-ltd g5dfr
References	~~() https://www.elspec-ltd.com/support/security-advisories/ -~~	() https://www.elspec-ltd.com/support/security-advisories/ - Vendor Advisory
CPE		cpe:2.3:o:elspec-ltd:g5dfr_firmware:::::::: cpe:2.3:h:elspec-ltd:g5dfr:-:::::::*

09 Jan 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de entidad externa XML (XXE) en Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 permite a los atacantes provocar una denegación de servicio (DoS) a través de un payload XML manipulada.
References	~~{'url': 'http://elspec.com', 'source': 'cve@mitre.org'}~~ ~~{'url': 'http://g5.com', 'source': 'cve@mitre.org'}~~

07 Jan 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-611

07 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 16:15

Updated : 2025-04-16 15:14

NVD link : CVE-2024-46603

Mitre link : CVE-2024-46603

CVE.ORG link : CVE-2024-46603

JSON object : View

Products Affected

elspec-ltd

g5dfr
g5dfr_firmware

CWE

CWE-611

Improper Restriction of XML External Entity Reference

7.5 /10