CVE-2024-6787

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.
Configurations

Configuration 1 (hide)

cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:*

History

30 Sep 2024, 18:02

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 5.9
First Time Moxa mxview One
Moxa
CPE cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 - Third Party Advisory, US Government Resource
References () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series - () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series - Patch, Vendor Advisory

26 Sep 2024, 07:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 -
Summary
  • (es) Esta vulnerabilidad se produce cuando un atacante aprovecha una condición de ejecución entre el momento en que se comprueba un archivo y el momento en que se utiliza (TOCTOU). Al aprovechar esta condición de ejecución, un atacante puede escribir archivos arbitrarios en el sistema. Esto podría permitirle ejecutar código malicioso y potencialmente provocar pérdidas de archivos.

21 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-21 05:15

Updated : 2024-09-30 18:02


NVD link : CVE-2024-6787

Mitre link : CVE-2024-6787

CVE.ORG link : CVE-2024-6787


JSON object : View

Products Affected

moxa

  • mxview_one
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition