cvebase
CVE-2024-6596
published 2024-09-10

CVE-2024-6596: An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.

Priority: P2 66
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.79% (51.7th percentile)

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| endress+hauser | echo_curve_viewer | <= 5.2.2.6 | |
| endress+hauser | field_xpert_smt50 | <= SMT50_Win10_LTSC_21H2_v1.07.00_RC02_03 | |
| endress+hauser | field_xpert_smt70 | <= SMT70_Win10_LTSC_21H2_v1.07.00_RC02_01 | |
| endress+hauser | field_xpert_smt77 | <= SMT77_Win10_SAC_22H2_v1.08.04_RC03_02 | |
| endress+hauser | field_xpert_smt79 | <= V1.08.02-1.8.8684.34292 | |
| endress+hauser | fieldcare_sfe500_package_usb | <= V1.40.00.7448 | |
| endress+hauser | fieldcare_sfe500_package_web-package | <= V1.40.00.7448 | |
| endress | echo_curve_viewer | < 6.0.0 | 6.0.0 |
| endress | fieldcare_sfe500_package | < 1.40.1 | 1.40.1 |