Security Advisories
January 2, 2025
| Summary | Severity | Affected Version | CVE ID | Official fix |
|---|---|---|---|---|
| An issue was discovered in Elspec G5 digital fault recorder. A buffer overflow vulnerability may allow an attacker to execute arbitrary code on the operating system. | High | v1.2.1.12 and older | CVE-2024-46601 | V1.2.2.19 |
| An issue was discovered in Elspec G5 digital fault recorder. A stored cross-site scripting (XSS) vulnerability may allow an attacker to execute arbitrary web scripts or HTML. | High | v1.2.1.12 and older | CVE-2024-46602 | V1.2.2.19 |
| An issue was discovered in Elspec G5 digital fault recorder. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload. | High | v1.2.1.12 and older | CVE-2024-46603 | V1.2.2.19 |

Elspec recognizes the valuable contribution of Michael Messner, Caio Farias and Benedikt Kühne from Siemens Energy in the discovery of these CVEs.

March 18, 2024
| Summary | Severity | Affected Version | CVE ID | Official fix |
|---|---|---|---|---|
| An issue was discovered in Elspec G5 digital fault recorder. The SQLite database file has weak permissions. | Medium | v1.1.4.15 and older | CVE-2024-22077 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | Medium | v1.1.4.15 and older | CVE-2024-22078 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Directory traversal can occur via the system logs download mechanism. | Medium | v1.1.4.15 and older | CVE-2024-22079 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur during XML body parsing. | High | v1.1.4.15 and older | CVE-2024-22080 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. | High | v1.1.4.15 and older | CVE-2024-22081 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated directory listing can occur: the web interface can be abused by an attacker to get a better understanding of the operating system. | Medium | v1.1.4.15 and older | CVE-2024-22082 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. | High | v1.1.4.15 and older | CVE-2024-22083 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. Cleartext passwords and hashes are exposed through log files. | Medium | v1.1.4.15 and older | CVE-2024-22084 | V1.2.1.12 |
| An issue was discovered in Elspec G5 digital fault recorder. The shadow file is world readable. | Medium | v1.1.4.15 and older | CVE-2024-22085 | V1.2.1.12 |
| Outdated vsftpd service with known DoS issue | Medium | v1.1.4.15 and older | CVE-2021-30047 | V1.2.1.12 |

Elspec recognizes the valuable contribution of Michael Messner and Benedikt Kühne from Siemens Energy in the discovery of these CVEs.