CVE-2024-1015 - Vulnerability Details - OpenCVE

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Se-elektronic	E-ddc3.3 E-ddc3.3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:se-elektronic:e-ddc3.3_firmware:03.07.03:*:*:*:*:*:*:*

cpe:2.3:h:se-elektronic:e-ddc3.3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products

History

Fri, 03 Jan 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Se-elektronic e-ddc3.3 Firmware
CPEs	cpe:2.3:o:se-elektronicgmbh:e-ddc3.3_firmware:03.07.03:::::::*	cpe:2.3:o:se-elektronic:e-ddc3.3_firmware:03.07.03:::::::*
Vendors & Products	Se-elektronicgmbh Se-elektronicgmbh e-ddc3.3 Firmware	Se-elektronic e-ddc3.3 Firmware

Thu, 26 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Se-elektronic Se-elektronic e-ddc3.3
CPEs	cpe:2.3:h:se-elektronicgmbh:e-ddc3.3:-:::::::*	cpe:2.3:h:se-elektronic:e-ddc3.3:-:::::::*
Vendors & Products	Se-elektronicgmbh e-ddc3.3	Se-elektronic Se-elektronic e-ddc3.3

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-01-29T13:46:32.256Z

Updated: 2024-08-01T18:26:30.426Z

Reserved: 2024-01-29T10:06:20.593Z

Link: CVE-2024-1015

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-29T14:15:09.657

Modified: 2025-01-03T19:15:53.587

Link: CVE-2024-1015

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1015", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-01-29T10:06:20.593Z", "datePublished": "2024-01-29T13:46:32.256Z", "dateUpdated": "2024-08-01T18:26:30.426Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "E-DDC3.3", "vendor": "SE-elektronic GmbH", "versions": [{"status": "affected", "version": "03.07.03"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Carlos Antonini"}], "datePublic": "2024-01-29T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device."}], "value": " Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-01-30T08:16:42.159Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products"}, {"tags": ["third-party-advisory"], "url": "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.426Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "tags": ["x_transferred"]}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:se-elektronic:e-ddc3.3_firmware:03.07.03:*:*:*:*:*:*:*", "matchCriteriaId": "21E9EB83-8C81-483F-9070-F2770ACE5292", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:se-elektronic:e-ddc3.3:-:*:*:*:*:*:*:*", "matchCriteriaId": "22B4F64C-D42B-4066-A729-E759847AC2E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": " Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de comandos en SE-elektronic GmbH E-DDC3.3 que afecta a las versiones 03.07.03 y superiores. Un atacante podr\u00eda enviar diferentes comandos desde el sistema operativo al sistema a trav\u00e9s de la funcionalidad de configuraci\u00f3n web del dispositivo."}], "id": "CVE-2024-1015", "lastModified": "2025-01-03T19:15:53.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-29T14:15:09.657", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"}, {"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}