SB2024022342 - Multiple vulnerabilities in Commend WS203VICM

Security Bulletin ID SB2024022342

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper Neutralization of Argument Delimiters in a Command (CVE-ID: CVE-2024-22182)

The vulnerability allows a remote attacker to compromsie the target system.

The vulnerability exists due to an argument injection issue. A remote attacker can send a specially crafted message to the web server and perform a denial of service (DoS) attack.

2) Improper access control (CVE-ID: CVE-2024-21767)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

3) Weak Encoding for Password (CVE-ID: CVE-2024-23492)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a weak encoding is used to transmit credentials. A remote attacker on the local network can retrieve the credentials from another user.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01