PatchSiren

Elvaco CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Elvaco CVE published 2024-10-17

CVE-2024-49399

CVE-2024-49399 is a HIGH severity authentication bypass vulnerability in the Elvaco M-Bus Metering Gateway CMe3100, published by CISA on October 17, 2024, with an update on November 14, 2024. The vulnerability allows an unauthenticated attacker to execute commands without providing a password, potentially leading to information disclosure. The affected product is specifically Elvaco CMe3100 version 1.12.1 [truncated]

CRITICAL Elvaco CVE published 2024-10-17

CVE-2024-49398

CVE-2024-49398 is a critical vulnerability (CVSS 9.1) affecting the Elvaco M-Bus Metering Gateway CMe3100, specifically version 1.12.1. The vulnerability stems from unrestricted file uploads, which may allow an attacker to remotely execute code on affected devices. CISA published this advisory on October 17, 2024, with an update (Update A) on November 14, 2024, adding mitigation information. The vendor, E [truncated]

HIGH Elvaco CVE published 2024-10-17

CVE-2024-49397

A stored cross-site scripting (XSS) vulnerability in the Elvaco CMe3100 M-Bus Metering Gateway allows unauthenticated remote attackers to bypass authentication and compromise administrative accounts. The flaw, rated 8.1 (High) under CVSS 3.1, was disclosed by CISA on October 17, 2024, with an advisory update on November 14, 2024, adding mitigation guidance. The affected version is 1.12.1. Elvaco released firmwar [truncated]

HIGH Elvaco CVE published 2024-10-17

CVE-2024-49396

CVE-2024-49396 is a HIGH severity vulnerability (CVSS 7.5) in the Elvaco M-Bus Metering Gateway CMe3100, published on 2024-10-17 and last modified on 2024-11-14. The vulnerability stems from insufficiently protected credentials in the affected product, which may allow an attacker to impersonate Elvaco and transmit false information. The CISA advisory (ICSA-24-291-01) was initially published on 2024-10-17 [truncated]