Processplus
CVE-2024-6911
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (cyberdanube) · only source for this CVE.
CVSS VectorVendor: cyberdanube
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
AnalysisAI
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.11.6507.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.11.6507.0. Affected products include: Perkinelmer Processplus. Version information: through 1.11.6507.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Processplus
View allExecution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windo
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all pron
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today