PatchSiren cyber security CVE debrief
CVE-2024-39376 marKoni CVE debrief
TELSAT marKoni FM Transmitters contain a critical vulnerability that allows unauthorized users to access sensitive information and perform actions beyond their designated permissions. The vulnerability affects Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters running versions prior to 2.0.1. With a CVSS 3.1 score of 9.8, this represents a critical severity issue exploitable remotely without authentication. The vulnerability was disclosed by CISA on June 27, 2024. marKoni has released firmware version 2.0.1 to address these vulnerabilities. Organizations operating affected transmitters should upgrade immediately and implement network segmentation to limit exposure of ICS devices.
- Vendor: marKoni
- Product: Unknown
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-27
- Original CVE updated: 2024-06-27
- Advisory published: 2024-06-27
- Advisory updated: 2024-06-27
Who should care
Broadcast media organizations, radio station operators, telecommunications providers, and critical infrastructure operators using TELSAT marKoni FM transmission equipment. Security teams responsible for operational technology (OT) and industrial control systems (ICS) environments should prioritize this vulnerability due to the critical CVSS score and remote exploitability.
Technical summary
The vulnerability in TELSAT marKoni FM Transmitters enables unauthorized access to sensitive information and allows users to perform actions beyond their designated permissions. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a network-based attack vector with low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. This suggests an authentication or authorization bypass vulnerability in the transmitter's management interface.
Defensive priority
critical
Recommended defensive actions
- Upgrade TELSAT marKoni FM Transmitters to version 2.0.1 or later
- Contact marKoni for additional remediation guidance
- Implement network segmentation to isolate FM transmitter systems from untrusted networks
- Apply defense-in-depth strategies for industrial control systems
- Monitor for unauthorized access attempts on transmitter management interfaces
Evidence notes
CISA ICS Advisory ICSA-24-179-01 published June 27, 2024. Affected products confirmed through CSAF product tree: marKoni Markoni-D (Compact) FM Transmitters <2.0.1 and marKoni Markoni-DH (Exciter+Amplifiers) FM Transmitters <2.0.1. Remediation version 2.0.1 confirmed in CSAF remediations section.
Official resources
- CVE-2024-39376 CVE record (CVE.org)
- CVE-2024-39376 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-06-27