CVE-2024-47903

MEDIUM

InterMesh Hybrid/ Fire <8.2.12/<7.2.12 - File Write

Title source: llm

Description

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows to write arbitrary files to the web server's DocumentRoot directory.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-333468.html

Scores

CVSS v3 5.8

EPSS 0.0036

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-250

Status published

Products (2)

siemens/intermesh_7177_hybrid_2.0_subscriber < 8.2.12

siemens/intermesh_7707_fire_subscriber_firmware < 7.2.12

Published Oct 23, 2024

Tracked Since Feb 18, 2026