CVE-2024-4163

HIGH

Skylab IGX IIoT Gateway - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway.

References (1)

Core 1

Scores

CVSS v3 8.0
EPSS 0.0038
EPSS Percentile 29.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
Skylab/IIoT Gateway (IGX) 1.2.12
Published Apr 26, 2024
Tracked Since Feb 18, 2026