Home

Description

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

PUBLISHED Reserved 2024-12-10 | Published 2025-05-09 | Updated 2025-05-13 | Assigner Mandiant

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
affected

24.04 (custom)
affected

24.17 (custom)
unaffected

Credits

Nick Guttilla, Mandiant finder

Neal Trischitta, Mandiant finder

References

github.com/...Disclosures/blob/master/2025/MNDT-2025-0002.md third-party-advisory

www.enersys.com/...rate/cve/enersys_cve-2024-12442-final.pdf vendor-advisory

cve.org (CVE-2024-12442)

nvd.nist.gov (CVE-2024-12442)

Download JSON