Cyber Resilience

CVE-2024-2413

Critical

Published: 13 March 2024

Published
13 March 2024
Modified
17 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0290 86.7th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-2413 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Intumit Smartrobot. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 13.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges…

more

and subsequently execute arbitrary code on the remote server using built-in system functionality.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

intumit
smartrobot
≤ 6.2.0-202303TW

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-321

Supply chain protection includes scrutiny of cryptographic implementations, reducing hard-coded keys planted by untrusted vendors.

addresses: CWE-321

Functional and assurance requirements specified in acquisition can prohibit hard-coded cryptographic keys in delivered products.

addresses: CWE-321

Proper key establishment and management processes directly preclude embedding static cryptographic keys in source code or binaries.

addresses: CWE-321

Approved PKI issuance and trust stores replace ad-hoc or hard-coded keys with properly managed, signed certificates.

addresses: CWE-321

Assessments can uncover and prevent suppliers from shipping components that contain hard-coded cryptographic keys.

References