Multiple vulnerabilities in Elspec G5 digital fault recorder
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2024-22079 CVE-2024-22080 CVE-2024-22077 CVE-2024-22081 CVE-2024-22084 CVE-2024-22085 CVE-2024-22083 CVE-2024-22082 CVE-2024-22078 |
| CWE-ID | CWE-22 CWE-119 CWE-264 CWE-532 CWE-200 CWE-798 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
G5 digital fault recorder Hardware solutions / Other hardware appliances |
| Vendor | Elspec |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU87694
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22079
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the system logs download mechanism. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU87702
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22080
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error during XML body parsing. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU87701
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22077
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to weak permissions in SQLite database file, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU87700
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22081
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the HTTP header parsing mechanism. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU87699
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22084
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU87698
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22085
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within shadow file. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of hard-coded credentials
EUVDB-ID: #VU87697
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22083
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded backdoor session ID. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Path traversal
EUVDB-ID: #VU87696
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22082
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU87695
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22078
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to weak filesystem permissions in network configuration script, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsG5 digital fault recorder: 1.1.4.15
CPE2.3- cpe:2.3:h:elspec:g5_digital_fault_recorder:*:*:*:*:*:*:*:
- cpe:2.3:h:elspec:g5_digital_fault_recorder:1.1.4.15:*:*:*:*:*:*:
http://www.elspec-ltd.com/support/security-advisories/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
