{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-22894","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-29T19:36:54.667Z","dateReserved":"2024-01-11T00:00:00.000Z","datePublished":"2024-01-30T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-03-05T20:59:12.779Z"},"descriptions":[{"lang":"en","value":"An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/"},{"url":"https://github.com/Jaarden/CVE-2024-22894"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:51:11.274Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/","tags":["x_transferred"]},{"url":"https://github.com/Jaarden/CVE-2024-22894","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-326","lang":"en","description":"CWE-326 Inadequate Encryption Strength"}]}],"affected":[{"vendor":"alpha-innotec","product":"heat_pumps_firmware","cpes":["cpe:2.3:o:alpha-innotec:heat_pumps_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"2.88.3","versionType":"custom"},{"version":"3.0.0","status":"affected","lessThan":"3.89.0","versionType":"custom"},{"version":"4.0.0","status":"affected","lessThan":"4.81.3","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.8,"attackVector":"PHYSICAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-29T19:18:42.501433Z","id":"CVE-2024-22894","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-29T19:36:54.667Z"}}]}}