Cyber Resilience

CVE-2024-46602

High

Published: 07 January 2025

Published
07 January 2025
Modified
16 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0006 20.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-46602 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Elspec-Ltd G5Dfr Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-46602 is an XML External Entity (XXE) vulnerability affecting the Elspec G5 digital fault recorder in version 1.2.1.12 and earlier. The flaw, classified under CWE-611, enables an attacker to process a crafted XML payload that triggers a Denial of Service (DoS) condition. It received a CVSS v3.1 base score of 7.5, reflecting high severity due to its network accessibility and availability impact.

The vulnerability can be exploited by any unauthenticated attacker with network access to the affected device, requiring low complexity and no user interaction. Successful exploitation disrupts device availability by causing a DoS, with no reported impacts on confidentiality or integrity.

For mitigation details, refer to the vendor's security advisory at https://www.elspec-ltd.com/support/security-advisories. The CVE was published on 2025-01-07.

EU & UK References

Vulnerability details

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

XXE flaw in network-exposed device directly enables unauthenticated exploitation of public-facing application (T1190) to trigger endpoint DoS via crafted XML (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-46603Same product: Elspec-Ltd G5Dfr
CVE-2024-46601Same product: Elspec-Ltd G5Dfr
CVE-2025-10713Shared CWE-611
CVE-2026-24400Shared CWE-611
CVE-2025-12531Shared CWE-611
CVE-2025-65482Shared CWE-611
CVE-2025-65868Shared CWE-611
CVE-2024-56322Shared CWE-611
CVE-2024-49352Shared CWE-611
CVE-2024-2374Shared CWE-611

Affected Assets

elspec-ltd
g5dfr firmware
≤ 1.2.2.19

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses remediation of the specific XXE flaw in the Elspec G5 by identifying, patching, and testing updates per vendor advisory.

prevent

Enforces validation of crafted XML payloads to prevent external entity processing that triggers the DoS condition.

prevent

Limits the effects of DoS caused by successful XXE exploitation through traffic monitoring and rejection of prohibitive communications.

References