CVE-2024-53522

HIGH

Bangkok Medical Software HOSxP XE <4.64.11.3 - Info Disclosure

Title source: llm

Description

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.

Exploits (1)

nomisec WORKING POC 3 stars

by Safecloudth · poc

https://github.com/Safecloudth/CVE-2024-53522

View Code ZIP pw:eip

References (4)

[Various Sources] http://bangkok.com

[Various Sources] http://hosxp.com

[Various Sources] http://hosxp.net

[Various Sources] https://www.safecloud.co.th/researches/blog/CVE-2024-53522

Scores

CVSS v3 7.5

EPSS 0.0096

EPSS Percentile 76.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-331

Status published

Published Jan 07, 2025

Tracked Since Feb 18, 2026