← Back

CVE-2024-6596

nvd nist
Published: Sep 10, 2024Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

Affected (6)

Endress
6 products
Echo Curve Viewer
Fieldcare Sfe500 Package
Field Xpert Smt79 Firmware
Field Xpert Smt77 Firmware
Field Xpert Smt70 Firmware
Field Xpert Smt50 Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Echo Curve Viewer
Before 6.0.0
Fieldcare Sfe500 Package
Before 1.40.1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Field Xpert Smt79 Firmware
All versions
Running on/withPlatform Versions
Endress
Field Xpert Smt79
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Field Xpert Smt77 Firmware
All versions
Running on/withPlatform Versions
Endress
Field Xpert Smt77
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Field Xpert Smt70 Firmware
All versions
Running on/withPlatform Versions
Endress
Field Xpert Smt70
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Field Xpert Smt50 Firmware
All versions
Running on/withPlatform Versions
Endress
Field Xpert Smt50
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

Source: info@cert.vde.com
Third Party Advisory

Timeline

No history available yet.