CVE-2024-53542
MEDIUMNovaCHRON Smart Time Plus <8.6 - Privilege Escalation
Title source: llmDescription
Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger via a crafted GET request.
References (1)
Core 1
Core References
Various Sources
https://secure77.de/smart-time-plus-rce-cve-2024-53543/
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
13.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Published
Feb 24, 2025
Tracked Since
Feb 18, 2026