Cyber Posture

CVE-2024-57395

Critical

Published: 29 January 2025

Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0332 (87.3rd percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Description

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.

Security Summary

CVE-2024-57395 is a password vulnerability in the Safety production process management system version 1.0. The issue, tied to CWE-522 (Insufficiently Protected Credentials), enables a remote attacker to escalate privileges, execute arbitrary code, and obtain sensitive information by exploiting the password and account number parameters. Published on 2025-01-29, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact on confidentiality, integrity, and availability.

A remote attacker requires only network access to exploit this vulnerability, with no privileges, user interaction, or special conditions needed owing to its low complexity. Exploitation allows full privilege escalation, remote code execution, and unauthorized access to sensitive data via manipulation of the specified parameters.

Advisories and additional details are available at http://www.hzzcka.com/ and https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md.

Details

CWE(s)
CWE-522
