CVE-2024-6911 Scanner

CVE-2024-6911 scanner - Local File Inclusion vulnerability in PerkinElmer ProcessPlus

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

PerkinElmer ProcessPlus is widely used in industrial and scientific settings to streamline process management. It's often deployed by research institutions, laboratories, and industrial automation engineers. This software helps monitor and control production processes in real-time, providing users with insights to improve efficiency. ProcessPlus is particularly valued for its integration with analytical instruments. However, its broad accessibility can expose systems to vulnerabilities if not properly secured.

The vulnerability allows unauthorized external parties to access system files due to Local File Inclusion (LFI). Exploiting this flaw grants attackers access to sensitive files stored on the Windows system. Affected systems can expose critical configuration files, leading to broader exploitation. This issue can be leveraged without authentication, making it highly dangerous.

The vulnerability stems from an insecure endpoint in PerkinElmer ProcessPlus that allows file paths to be manipulated. Specifically, the filename parameter in the log download functionality is vulnerable, enabling attackers to perform directory traversal attacks. By exploiting this, attackers can access files such as win.ini from the Windows directory. The vulnerable parameter, combined with weak validation mechanisms, facilitates unauthorized file access.
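For asset owners reviewing web server logs, the following added example (not code from PerkinElmer or S4E) flags requests whose filename parameter attempts to leave the log directory, including percent-encoded and double-encoded forms. The endpoint path `/example/logs/download`, the log format and the log lines are constructed assumptions; substitute the values from your own deployment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines. "/example/logs/download" is a placeholder
# path (assumption), not the product's real endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2024:10:00:01 +0000] "GET /example/logs/download?filename=app-2024-08-01.log HTTP/1.1" 200 5120
10.0.0.9 - - [01/Aug/2024:10:00:07 +0000] "GET /example/logs/download?filename=..%5C..%5C..%5CWindows%5Cwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [01/Aug/2024:10:00:09 +0000] "GET /example/logs/download?filename=%252e%252e%252f%252e%252e%252fWindows%252fwin.ini HTTP/1.1" 200 92
10.0.0.7 - - [01/Aug/2024:10:00:12 +0000] "GET /example/logs/download?filename=C:%5CWindows%5Cwin.ini HTTP/1.1" 404 0
10.0.0.5 - - [01/Aug/2024:10:00:15 +0000] "GET /example/logs/download?filename=report..final.log HTTP/1.1" 200 800
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the value is absolute, drive-qualified, or has a '..' segment."""
    name = fully_decode(filename).replace("\\", "/")  # Windows accepts both
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True
    return ".." in name.split("/")  # whole segments only: 'a..b.log' is fine

def find_traversal_requests(log_text, param="filename"):
    """Return (client, decoded filename, HTTP status) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key.lower() == param and is_traversal(value):
                hits.append((client, fully_decode(value), int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Hits answered with status 200 deserve review first, since they suggest the server returned a file rather than rejecting the request.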

If exploited, this vulnerability could allow attackers to view sensitive system configurations or obtain credentials stored in exposed files. This could result in unauthorized access to the system, followed by privilege escalation or complete system compromise. Critical files may also be tampered with, potentially disrupting system functionality and leading to downtime.

With SecurityForEveryone (S4E), users can ensure that their digital assets are continuously monitored for vulnerabilities like the Local File Inclusion in PerkinElmer ProcessPlus. The platform provides actionable insights and automated vulnerability detection, helping to secure your infrastructure against external threats. S4E's user-friendly interface and timely reports make managing cyber risk simpler and more efficient. Join today to protect your organization and gain access to cutting-edge vulnerability scanning tools.
