CVE-2024-35295 MEDIUM

CVE-2024-35295

Vendor Innomotics
Product Perfect Harmony GH180
Weakness CWE-306 · Missing auth
Published June 11, 2025
Last update June 12, 2025

CVSS base score

6.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an attacker with physical access to the maintenance connection's door port to perform arbitrary configuration changes.

Key dates

02Disclosure timeline

June 11, 2025 CVE published
June 12, 2025 Record updated