CVE-2024-28750 HIGH

CVE-2024-28750: ifm: Deleting function in Smart PLC allows command injections

Vendor Ifm

Product Smart PLC AC14xx Firmware

Weakness CWE-78

Published July 9, 2024

Last update August 2, 2024

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A remote attacker with high privileges may use a deleting file function to inject OS commands.

Key dates

July 9, 2024 CVE published

August 2, 2024 Record updated

External resources

Related vulnerabilities

CVE CVE-2024-28750

CWE CWE-78

CVSS 7.2 / HIGH

Vendor Ifm

Product Smart PLC AC14xx Firmware

Affected ≤ V4.3.17

Vendor Ifm

Product Smart PLC AC4xxS Firmware

Affected ≤ V4.3.17