cbcvebase.
CVE-2024-47902
published 2024-10-23

CVE-2024-47902: A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.50%
39.0th percentile
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

Affected

4 ranges
VendorProductVersion rangeFixed in
siemensintermesh_7177_hybrid_2.0_subscriber< V8.2.12V8.2.12
siemensintermesh_7177_hybrid_2.0_subscriber< 8.2.128.2.12
siemensintermesh_7707_fire_subscriber< V7.2.12V7.2.12
siemensintermesh_7707_fire_subscriber_firmware< 7.2.127.2.12

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2024-47902: The web server of affected Siemens InterMesh devices does not authenticate GET requests that execute specific OS-level commands (such as ping) — monitor for unauthenticated GET requests to the InterMesh web server that include OS command parameters (e.g., ping) without any authentication headers/session tokens.
  • CVE-2024-47902 is part of a chained exploit with CVE-2024-47901, CVE-2024-47903, and CVE-2024-47904 that together enable unauthenticated remote root code execution — detection logic should correlate all four CVEs being triggered in sequence against the same source IP.
  • ·CVE-2024-47902 (Missing Authentication for Critical Function) on the InterMesh 7707 Fire Subscriber is only exploitable if the IP interface is enabled, which is NOT the default configuration — verify IP interface status before assessing exposure.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.