CVE-2024-22894

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Jan 30, 2024
Updated: Mar 5, 2024
CWE ID 326

Summary

CVE-2024-22894 is a vulnerability that affects AIT-Deutschland Alpha Innotec Heatpumps versions V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, and Novelan Heatpumps versions V2.88.3 or later, V3.89.0 or later, V4.81.3 or later. This vulnerability allows remote attackers to execute arbitrary code by exploiting the password component in the shadow file. To remediate this issue, users should update to AIT-Deutschland Alpha Innotec Heatpumps version 2.88.3 or later, 3.89.0 or later, 4.81.3 or later, and Novelan Heatpumps version 2.88.3 or later, 3.89.0 or later, 4.81.3 or later where the issue has been fixed. The potential danger of this vulnerability to organizations is high as it can lead to the execution of arbitrary code by remote attackers, which can result in unauthorized access and compromise of sensitive information stored within the affected heat pump systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22894 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options