PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-12700 Tibbo CVE debrief

CVE-2024-12700 is a high-severity unrestricted file upload vulnerability in Tibbo AggreGate Network Manager, disclosed through CISA advisory ICSA-24-354-05 on December 19, 2024. An authenticated, low-privileged user can upload a JSP web shell and then request it over HTTP, achieving remote code execution with the privileges of the web server process. Versions 6.34.02 and earlier are affected; the CVSS 3.1 base score is 8.8 (High). Tibbo has released fixed versions 6.40.02 and 6.34.03. Given the network attack vector, low attack complexity and absence of any user interaction, patching should be treated as immediate.

Vendor: Tibbo
Product: AggreGate Network Manager
CVSS: 8.8 (High)
CISA KEV: Not listed in the evidence on record
Original CVE published: 2024-12-19
Original CVE updated: 2024-12-19
Advisory published: 2024-12-19
Advisory updated: 2024-12-19

Who should care

Organizations operating Tibbo AggreGate Network Manager for industrial control system (ICS) or operational technology (OT) network management. Security teams responsible for patch management in converged IT/OT environments. Asset owners in critical infrastructure sectors where AggreGate is deployed for device aggregation and monitoring.

Technical summary

The vulnerability lies in the file upload functionality of Tibbo AggreGate Network Manager versions 6.34.02 and earlier. The application does not adequately restrict the type of file that can be uploaded, so an authenticated attacker holding only low privileges can place a JSP web shell where the servlet container will serve it. A subsequent HTTP request for that file causes the container to compile and execute it, giving the attacker arbitrary code execution with the privileges of the web server process. The attack needs network access to the application and a valid low-privileged account, but no user interaction and no special conditions. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H encodes exactly that: network attack vector, low complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity and availability, which yields the 8.8 base score.
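To make the missing control concrete, here is an allowlist-based upload check written for this debrief. It is example code, not Tibbo's code, and it does not describe how AggreGate's own upload handler works; the allowed extension set, the magic-byte table and the filename pattern are assumptions chosen for illustration. It shows why an extension denylist alone is not sufficient: JSP-family extensions are rejected wherever they appear in the name, the body is checked against the claimed type instead of the attacker-controlled Content-Type header, and the on-disk name is chosen by the server.

```python
"""Allowlist-based upload validation.

Example code written for this debrief to illustrate the control that
CVE-2024-12700 shows was missing; it is not Tibbo's code and says nothing
about AggreGate's internal upload handler.  The allowed extensions, the
magic-byte table and the filename pattern are assumptions for the example."""
import re
import secrets

# Assumed set of file types the application legitimately needs to accept.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "csv", "txt"}

# Extensions a Java servlet container may compile or execute.  The check
# below is deny-by-default, so this set only exists to name the reason.
SERVER_SIDE_EXTENSIONS = {"jsp", "jspx", "jspf", "jsw", "jsv", "war", "jar", "class"}

# Leading bytes expected for the allowed binary types (assumed minimal set).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Conservative shape for a client-supplied basename.
SAFE_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def validate_upload(filename: str, head: bytes) -> tuple[bool, str]:
    """Return (accepted, detail).  `head` holds the first bytes of the body.

    On acceptance `detail` is the normalised extension to store under."""
    # 1. Neutralise path tricks: NUL bytes, directory separators, traversal.
    if "\x00" in filename:
        return False, "NUL byte in filename"
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or not SAFE_BASENAME.match(base):
        return False, f"unsafe filename {filename!r}"

    # 2. Every dot-separated segment after the name stem must be allowlisted.
    #    This rejects shell.jsp.png and shell.png.jsp alike, so no segment
    #    can later become the effective extension under a lenient server.
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "missing extension"
    for ext in parts[1:]:
        if ext in SERVER_SIDE_EXTENSIONS:
            return False, f"server-side extension .{ext} rejected"
        if ext not in ALLOWED_EXTENSIONS:
            return False, f"extension .{ext} not allowlisted"
    final_ext = parts[-1]

    # 3. The body must agree with the claimed type; the Content-Type header
    #    is attacker-controlled and is deliberately not consulted.
    magic = MAGIC.get(final_ext)
    if magic is not None:
        if not head.startswith(magic):
            return False, f"body does not look like .{final_ext}"
    elif b"<%" in head:
        # Text types: refuse anything carrying a JSP directive/scriptlet marker.
        return False, "JSP scriptlet marker in body"
    return True, final_ext


def storage_name(final_ext: str) -> str:
    """Server-chosen, unguessable on-disk name.  The client's name is never
    reused, and the target directory (not shown) must sit outside the servlet
    container's document root so nothing written there is ever compiled."""
    return f"{secrets.token_hex(16)}.{final_ext}"


if __name__ == "__main__":
    for name, head in [
        ("shell.jsp", b'<%@ page import="java.io.*" %>'),
        ("shell.jsp.png", b"\x89PNG\r\n\x1a\n"),
        ("notes.txt", b"<% out.println(1); %>"),
        ("photo.png", b"\x89PNG\r\n\x1a\n"),
    ]:
        print(name, validate_upload(name, head))
```

The ordering matters: the filename is normalised before any extension logic runs, so a traversal prefix cannot smuggle a path past the allowlist, and the content check is applied to the extension the server will actually use, not to whatever the client claimed.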

Defensive priority

High

Recommended defensive actions

  • Update Tibbo AggreGate Network Manager to version 6.40.02 or 6.34.03, or to the latest version available per vendor guidance
  • Restrict network access to AggreGate Network Manager management interfaces to trusted administrative hosts only; exploitation still requires a valid account, so also review low-privileged accounts and remove any that are unused
  • Review and validate file upload restrictions on all web-accessible endpoints: allowlist permitted extensions, check content against the claimed type rather than trusting the Content-Type header, assign server-chosen filenames, and store uploads outside the servlet container's document root
  • Monitor for unexpected JSP file creation or modification in web application directories, and for HTTP requests to JSP paths that did not exist at deployment
  • Apply defense-in-depth controls, including network segmentation for ICS/OT environments, per CISA recommended practices
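The monitoring item above can be implemented as a baseline diff over the servlet container's web application directories. The following is an added example written for this debrief, not AggreGate's or Tibbo's code; the directory layout and file contents are constructed in a temporary directory so it runs offline, and the index.jsp, WEB-INF and uploads paths are illustrative rather than the product's real layout.

```python
"""Detect JSP-family files that appeared in, or changed under, a web
application directory since a known-good baseline.

Added example for this debrief; not part of AggreGate.  The webroot built
in demo() is constructed in a temporary directory and its paths are
illustrative, not the product's real layout."""
import hashlib
import tempfile
from pathlib import Path

# Extensions a servlet container may compile and execute on request.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".jspf", ".jsw", ".jsv"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(webroot: Path) -> dict[str, str]:
    """Map of relative POSIX path -> sha256 for every executable-extension file.
    The suffix is lower-cased so cmd.JSP is not missed on case-insensitive
    or leniently configured servers."""
    result = {}
    for p in webroot.rglob("*"):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_EXTENSIONS:
            result[p.relative_to(webroot).as_posix()] = sha256_file(p)
    return result


def diff_against_baseline(baseline: dict[str, str],
                          current: dict[str, str]) -> dict[str, list[str]]:
    """New files are the classic web-shell drop; modified files catch an
    attacker overwriting a legitimate page instead of adding one."""
    return {
        "new": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed webroot, baseline it, simulate a drop, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "WEB-INF").mkdir()
        (root / "index.jsp").write_text('<%@ page contentType="text/html" %>ok')
        (root / "WEB-INF" / "web.xml").write_text("<web-app/>")
        baseline = snapshot(root)

        # Simulated post-exploitation state: a new JSP under an upload
        # directory, and a legitimate page overwritten with a scriptlet.
        (root / "uploads").mkdir()
        (root / "uploads" / "cmd.JSP").write_text("<% Runtime.getRuntime(); %>")
        (root / "index.jsp").write_text("<% Runtime.getRuntime(); %>")
        return diff_against_baseline(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Capture the baseline immediately after patching and run the diff on a schedule. Any new file with a compilable extension under a web-accessible directory, or a hash change on an existing JSP outside a change window, should be triaged as a possible web shell rather than filtered as a deployment artefact, since a request to exactly such a file is the final step of this CVE's attack path.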

Evidence notes

Vulnerability description and remediation guidance are sourced from CISA CSAF advisory ICSA-24-354-05. Affected product versions and patch availability were confirmed through the vendor remediation statement in that source. The CVSS vector confirms a network attack vector with low privileges required.

Official resources

CISA CSAF advisory ICSA-24-354-05 (published 2024-12-19)