Vulnerability in Lawo AG vsm LTC Time Sync (vTimeSync)
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from t…
EPSS: 0.729 (98.8th percentile)
Affected products
- Lawo AG vsm LTC Time Sync (vTimeSync): versions 4.5.6.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- r.sec-consult.com/lawo (third-party-advisory)
- lawo.com/lawo-downloads/ (patch)
Frequently asked questions
- What is CVE-2024-6049?
  CVE-2024-6049 is a vulnerability in Lawo AG vsm LTC Time Sync (vTimeSync), classified under CWE-32. Published 2024-10-24.
- Is CVE-2024-6049 known to be exploited?
  3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.