CVE-2024-6596
published 2024-09-10CVE-2024-6596: An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.79%
51.7th percentile
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| endress+hauser | echo_curve_viewer | <= 5.2.2.6 | — |
| endress+hauser | field_xpert_smt50 | <= SMT50_Win10_LTSC_21H2_v1.07.00_RC02_03 | — |
| endress+hauser | field_xpert_smt70 | <= SMT70_Win10_LTSC_21H2_v1.07.00_RC02_01 | — |
| endress+hauser | field_xpert_smt77 | <= SMT77_Win10_SAC_22H2_v1.08.04_RC03_02 | — |
| endress+hauser | field_xpert_smt79 | <= V1.08.02-1.8.8684.34292 | — |
| endress+hauser | fieldcare_sfe500_package_usb | <= V1.40.00.7448 | — |
| endress+hauser | fieldcare_sfe500_package_web-package | <= V1.40.00.7448 | — |
| endress | echo_curve_viewer | < 6.0.0 | 6.0.0 |
| endress | fieldcare_sfe500_package | < 1.40.1 | 1.40.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-10
Published