CVE-2024-8497

Absolute Path Traversal (CWE-36)

Published: Sep 25, 2024 / Updated: 56d ago

CVSS 8.7 / EPSS 0.04% / High

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 contain a file that can be read arbitrarily, which could allow an attacker to obtain administrator credentials.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8497.

Sep 24, 2024 at 2:36 PM / Cybersecurity and Infrastructure Security Agency CISA

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 24, 2024 at 2:37 PM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 24, 2024 at 11:44 PM

CVE Assignment

NVD published the first details for CVE-2024-8497

Sep 25, 2024 at 1:15 AM

CVSS

A CVSS base score of 7.5 has been assigned.

Sep 25, 2024 at 1:22 AM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 25, 2024 at 9:39 AM

Affected Systems

Franklinfueling/ts-550_evo

Attack Patterns

CAPEC-597: Absolute Path Traversal

News

ATG: critical vulnerabilities on fuel stations
In addition to the ATG vulnerabilities, security flaws have also been discovered in the open-source solution OpenPLC, including a serious stack-based buffer overflow bug (CVE-2024-34026, CVSS score: 9.0) that could be exploited to gain access to remote code execution. Since not only ATGs are involved, the development comes as the Cybersecurity and Infrastructure Security Agency (CISA) of the United States has reported an increase in threats to Internet-accessible OT and ICS systems including those in the Water and Wastewater Systems (WWS) sector.
Critical Flaws In Tank Gauge Systems Expose Gas Stations To Remote Attacks
Security flaws have also been uncovered in the open-source OpenPLC solution, including a critical stack-based buffer overflow bug (CVE-2024-34026, CVSS score: 9.0) that could be exploited to achieve remote code execution. Also of note are several critical vulnerabilities in the AJCloud IP camera management platform that, if successfully exploited, could lead to the exposure of sensitive user data and provide attackers with full remote control of any camera connected to the smart home cloud service.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
