CVE-2024-48974

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-48974
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.

9.3 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
Configurations

No configuration.

History

No history.

Information

Published : 2024-11-14 22:15

Updated : 2024-11-15 13:58

NVD link : CVE-2024-48974

Mitre link : CVE-2024-48974

CVE.ORG link : CVE-2024-48974

JSON object : View

Products Affected

No product.

CWE
CWE-494

Download of Code Without Integrity Check