CRITICAL🇵🇱 Wersja polska

CVE-2024-22081

CVSS 9.8v3.1pub. 2024-03-20upd. 2025-04-16

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-444 (HTTP Request/Response Smuggling), indicating improper interpretation or processing of HTTP headers by the device. An attacker sends a specially crafted HTTP request containing improperly constructed headers that cause memory corruption in their parsing mechanism. Since this process does not require authentication, any network client with access to the device's HTTP interface can conduct the attack.

Impact

An attacker can remotely cause a breach of confidentiality, integrity, and availability of the device, potentially taking control of it or causing instability. In the context of industrial event recorders, disruption of device operation may prevent the recording of electrical network faults.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://www.elspec-ltd.com/support/security-advisories/). Until an update is applied, it is recommended to isolate the device from public networks and restrict access to the HTTP interface only to trusted hosts using a firewall or network segmentation.

Who is affected

Elspec G5 Digital Fault Recorder (G5Dfr) in firmware version 1.1.4.15 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Elspec Ltd G5dfr

    HW
    Elspec-Ltd
    wszystkie wersje
  • Elspec Ltd G5dfr Firmware

    OS
    Elspec-Ltd
    < 1.2.1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22080CRITICAL9.8PL ✓ten sam produkt

Elspec G5 – nieuwierzytelnione uszkodzenie pamięci podczas parsowania XML

CVE-2024-46603HIGH7.5ten sam produkt

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 ...

CVE-2024-46602HIGH7.5ten sam produkt

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Enti...

CVE-2024-46601HIGH7.5ten sam produkt

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

CVE-2024-22079HIGH7.5ten sam produkt

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal ...