Siemens has released patches for multiple vulnerabilities in its InterMesh wireless alarm reporting system that could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected devices.
The most critical vulnerability identified is CVE-2024-47901, which carries a CVSSv4 score of 10. The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on the operating system level. This allows an unauthenticated remote attacker to execute arbitrary code with root privileges, posing a significant threat to system integrity.
This vulnerability, when combined with three others—CVE-2024-47902, CVE-2024-47903, and CVE-2024-47904—further increases the risk and as follows
- CVE-2024-47902 with a CVSSv4 score of 6.9 allows for unauthenticated execution of specific commands (such as ping) on the operating system level.
- CVE-2024-47903 with a CVSSv4 score of 6.9 enables attackers to write arbitrary files to the web server’s DocumentRoot directory.
- CVE-2024-47904 with a CVSSv4 score of 8.5, exploits a SUID binary, allowing authenticated local attackers to execute arbitrary commands with root privileges.
The affected products include:
- InterMesh 7177 Hybrid 2.0 Subscriber: All versions < V8.2.12
- InterMesh 7707 Fire Subscriber: All versions < V7.2.12 (only if the IP interface is enabled)
It is recommended that users update the affected InterMesh devices to the latest versions:
- InterMesh 7177 Hybrid 2.0 Subscriber: Update to version V8.2.12 or later.
- InterMesh 7707 Fire Subscriber: Update to version V7.2.12 or later, or alternatively, disable the IP interface to mitigate risk.
