[Security Bulletin] Portable Inspector Management Program Improper Input Validation Vulnerability

Overall Information

• Original Released Date: January 8, 2025
• Update Date: January 8, 2025
• CVE Identifier(s) (If appliable): CVE-2024-47934
• CVSS Version 3.1
  • Severity: Medium
  • Score: 5.3
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
• CVSS Version 4.0
  • Severity: Medium
  • Score: 6.9
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

TXOne Networks has released a new Management Program for Portable Inspector that resolve the vulnerability in the product.

Description

Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of Service situation can be resolved by restarting the management service.
This issue affects Portable Inspector: through 1.0.0; Portable Inspector Pro Edition: through 1.0.0.

Please note that the Denial of Service vulnerability only affects the Management Program and the issue can be resolved by restarting the management service.

Affected Version(s)

Solution

TXOne Networks has released the following solution to address the issue

These are the minimum recommended version(s) of the patches and/or builds required to address the issue. TXOne Networks highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.

Acknowledgement

TXOne Networks would like to thank the following individual for responsibly disclosing these issues and working with TXOne Networks to help protect our customers:

• Thomas Riedmaier of Siemens Energy

External Reference(s)

• CVE-2024-47934
• https://www.txone.com/psirt/advisories/cve-2024-47934/

If you encounter any problems related to this vulnerability, please contact security@txone.com