CVE-2024-53542

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 24, 2025

Updated: Feb 25, 2025

CWE ID 284

Summary

CVE-2024-53542 is a newly disclosed vulnerability affecting NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus versions 8.x to 8.6. This issue involves incorrect access control in the component /iclock/Settings?restartNCS=1. Maliciously crafted GET requests can exploit this flaw, granting attackers the capability to arbitrarily restart the NCServiceManager. Successful exploitation could lead to disruption of services or potential unauthorized access. Users are urged to upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0uZ9jQ
https://www.cve.org/CVERecord?id=CVE-2024-53542
https://nvd.nist.gov/vuln/detail/CVE-2024-53542

Back to Vulnerability Database

CVE-2024-53542

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations