
CVE-2024-53542

Medium Severity

  • SVRS: 30/100
  • CVSSv3: NA/10
  • EPSS: 0.0004/1

CVE-2024-53542 allows attackers to restart the NCServiceManger in NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus via a crafted GET request due to incorrect access control. The vulnerability exists in the /iclock/Settings?restartNCS=1 component, affecting versions v8.x to v8.6. This allows for unauthorized control over the time management system. Although the CVSS score is 0, meaning it has no assigned base score and no impact vector, the SVRS score of 30 suggests there is some real-world risk. The arbitrary restart of the service could disrupt timekeeping operations or be chained with other vulnerabilities for more severe attacks. While not critical based on SVRS, organizations using affected versions should investigate and apply available patches to mitigate potential security risks. Due to the 'In The Wild' tag, active exploitation is possible, necessitating prompt action.

In The Wild
2025-02-24

2025-02-25
SOCRadar
AI Insight

Description

CVE-2024-53542 describes an incorrect access control vulnerability found in NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus versions v8.x to v8.6. Specifically, the /iclock/Settings?restartNCS=1 component lacks proper access restrictions, allowing attackers to arbitrarily restart the NCServiceManger by sending a crafted GET request. The SVRS score is 0, which doesn't reflect critical risk.

Key Insights

  • Impact: Successful exploitation allows unauthorized attackers to restart the NCServiceManger. While not directly disclosing data, this could disrupt timekeeping services, potentially impacting operations reliant on accurate time data.
  • Low Severity: The low CVSS score of 6.5 and the SVRS score of 0 suggest that the vulnerability is not considered highly critical. Exploitation may require specific network configurations or local access.
  • Limited Information: Based on the provided data, there is no indication of active exploitation in the wild, known threat actors targeting this vulnerability, or CISA warnings. Public exploits haven't been published.

Mitigation Strategies

  • Access Control Review and Implementation: Implement proper access control mechanisms for the /iclock/Settings?restartNCS=1 component. Restrict access to authorized personnel only, requiring authentication and authorization checks before allowing the restart of NCServiceManger.
  • Software Update: Upgrade to a patched version of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus if one is available. Contact the vendor to inquire about available patches or security advisories related to this vulnerability.
  • Network Segmentation: Implement network segmentation to isolate the Smart Time Plus system from other critical systems. This can limit the potential impact of a successful exploit.
  • Monitor System Logs: Continuously monitor system logs for suspicious activity, such as unauthorized requests to restart the NCServiceManger. Set up alerts to notify security personnel of any unusual events.
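
One way to implement the log-monitoring step above, as an added example (not SOCRadar's or the vendor's code): it scans web access logs for requests to /iclock/Settings that carry restartNCS=1 and records whether the server saw an authenticated user. The combined log format, the function name `find_restart_requests` and the sample lines are assumptions; the product's actual log layout is not given on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed common/combined access-log layout; adapt the regex to the format
# your web server or reverse proxy in front of Smart Time Plus writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_restart_requests(lines):
    """Return one record per request asking /iclock/Settings to restart NCS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # Decode percent-encoding; ignore case and a trailing slash so that
        # trivially altered spellings of the path are still caught.
        path = unquote(url.path).rstrip("/").lower()
        query = parse_qs(url.query, keep_blank_values=True)
        params = {k.lower(): v for k, v in query.items()}
        if path == "/iclock/settings" and "1" in params.get("restartncs", []):
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "method": m["method"],
                "status": int(m["status"]),
                # "-" in the user field: no authenticated user was logged.
                "authenticated": m["user"] != "-",
            })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [25/Feb/2025:08:14:02 +0000] "GET /iclock/Settings?restartNCS=1 HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.7 - admin [25/Feb/2025:08:20:11 +0000] "GET /iclock/Settings?lang=de&restartNCS=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [25/Feb/2025:08:21:40 +0000] "GET /iclock/Settings HTTP/1.1" 200 2048',
    '203.0.113.5 - - [25/Feb/2025:08:25:03 +0000] "GET /iclock/%53ettings/?restartNCS=1 HTTP/1.1" 401 0',
    '203.0.113.5 - - [25/Feb/2025:08:25:09 +0000] "GET /index.html?restartNCS=1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_restart_requests(SAMPLE):
        print(hit)
```

Records with `authenticated` false and a 2xx status are the ones to alert on first, since they match the unauthenticated restart this CVE describes.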

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-53542 | NovaCHRON Zeitsysteme Smart Time Plus up to 8.6 NCServiceManger Settings?restartNCS=1 access control
vuldb.com, 2025-02-25
A vulnerability was found in NovaCHRON Zeitsysteme Smart Time Plus up to 8.6. It has been classified as problematic. Affected is an unknown function of the file /iclock/Settings?restartNCS=1 of the component NCServiceManger. The manipulation leads to improper access controls. This vulnerability is traded as …

Social Media

  • New post from https://t.co/uXvPWJy6tj (CVE-2024-53542 | NovaCHRON Zeitsysteme Smart Time Plus up to 8.6 NCServiceManger Settings?restartNCS=1 access control) has been published on https://t.co/EkAW4Yo9kY
  • CVE-2024-53542 Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitr… https://t.co/VzSWz1OuM5

Affected Software

No affected software found for this CVE

References

  • [email protected]: https://secure77.de/smart-time-plus-rce-cve-2024-53543/
  • GITHUB: https://secure77.de/smart-time-plus-rce-cve-2024-53543/

CWE Details

  • CWE ID: CWE-284
  • CWE Name: Improper Access Control
  • Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
