CVE-2024-8497

Description

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.

PUBLISHED Reserved 2024-09-05 | Published 2024-09-24 | Updated 2024-09-25 | Assigner icscert

Problem types

CWE-36 ABSOLUTE PATH TRAVERSAL

Product status

Credits

Pedro Umbelino of Bitsight reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-24-268-03

cve.org (CVE-2024-8497)

nvd.nist.gov (CVE-2024-8497)