CRITICAL🇵🇱 Wersja polska

CVE-2024-22080

CVSS 9.8v3.1pub. 2024-03-20upd. 2025-04-16

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.

🤖 AI Analysis
How it works

The vulnerability (CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer) occurs in the XML content parsing module. An attacker can send a specially crafted request containing malicious XML payload without any authentication. Improper handling of input data leads to write or read operations outside the boundaries of the allocated memory buffer, which may result in taking control of the program execution flow.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the device, as well as compromise the confidentiality, integrity, and availability of the system – corresponding to maximum component scores in the CVSS vector.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (https://www.elspec-ltd.com/support/security-advisories/). Until updates are deployed, it is recommended to restrict network access to the device through a firewall or OT/ICS network segmentation and prevent direct access from untrusted networks.

Who is affected

Elspec G5 Digital Fault Recorder (G5Dfr) – firmware versions 1.1.4.15 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Elspec Ltd G5dfr

    HW
    Elspec-Ltd
    wszystkie wersje
  • Elspec Ltd G5dfr Firmware

    OS
    Elspec-Ltd
    < 1.2.1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22081CRITICAL9.8PL ✓ten sam produkt

Nieuwierzytelniona korupcja pamięci w Elspec G5 Digital Fault Recorder

CVE-2024-46603HIGH7.5ten sam produkt

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 ...

CVE-2024-46602HIGH7.5ten sam produkt

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Enti...

CVE-2024-46601HIGH7.5ten sam produkt

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

CVE-2024-22079HIGH7.5ten sam produkt

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal ...