CVE-2024-6422
Published 2024-07-10
CVE-2024-6422: An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.58% (43.4th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| pepperl+fuchs | oit1500-f113-b12-cb | <= V2.11.0 | — |
| pepperl+fuchs | oit200-f113-b12-cb | <= V2.11.0 | — |
| pepperl+fuchs | oit500-f113-b12-cb | <= V2.11.0 | — |
| pepperl+fuchs | oit700-f113-b12-cb | <= V2.11.0 | — |
| pepperl-fuchs | oit1500-f113-b12-cb_firmware | <= 2.11.0 | — |
| pepperl-fuchs | oit200-f113-b12-cb_firmware | <= 2.11.0 | — |
| pepperl-fuchs | oit500-f113-b12-cb_firmware | <= 2.11.0 | — |
| pepperl-fuchs | oit700-f113-b12-cb_firmware | <= 2.11.0 | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 9.6 · CRITICAL
vendor_redhat · 9.6 · CRITICAL
GHSA
GHSA-fc3j-5g75-8c22: An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data
ghsa_unreviewed·2024-07-10
CVE-2024-6422 [CRITICAL] CWE-306 GHSA-fc3j-5g75-8c22: An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data
Red Hat
chromium-browser: another type Confusion in V8
vendor_redhat·2024-05-23·CVSS 9.6
CVE-2024-5274 [CRITICAL] CWE-843 chromium-browser: another type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Statement: Chromium is not shipped in any supported Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.
Package: chromium-browser (Red Hat Enterprise Linux 6) - Out of support scope
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat·2024-05-15·CVSS 9.6
CVE-2024-4947 [CRITICAL] CWE-416 chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
A type confusion vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Statement: Chromium is not shipped in any Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.
Package: chromium-browser (Red Hat Enterprise Linux 6) - Out of support scope
Microsoft
Chromium: CVE-2024-5274 Type Confusion in V8
vendor_msrc·2024-05-14·CVSS 9.6
CVE-2024-5274 [CRITICAL] Chromium: CVE-2024-5274 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware that an exploit for CVE-2024-5274 exists in the wild.
FAQ:
| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 125.0.2535.67 | 5/23/2024 | 125.0.6422.112 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
Ho
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-10