CVE-2024-5404

🗓️ 03 Jun 2024 09:00:55Reported by CERTVDEType

CVE-2024-5404 vulnerability in NVD

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability of the “Forgotten Password” function on the IIoT platform of ifm Moneo devices, including IFM QHA300, IFM QHA210, and IFM QVA200, allows a hacker to change the administrator password.	2 Jul 202400:00	–	bdu_fstec
Circl	CVE-2024-5404	4 Jun 202415:42	–	circl
Cvelist	CVE-2024-5404 ifm: moneo prone to weak password recovery mechanism	3 Jun 202409:00	–	cvelist
EUVD	EUVD-2024-46626	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5404	3 Jun 202409:15	–	nvd
RedhatCVE	CVE-2024-5404	5 Feb 202506:31	–	redhatcve
Vulnrichment	CVE-2024-5404 ifm: moneo prone to weak password recovery mechanism	3 Jun 202409:00	–	vulnrichment

Vulners

Vulnrichment

Node

ifm moneo_appliance_qva200Range≤1.13

ifm moneo_appliance_qha210Range≤1.13

ifm moneo_appliance_qha300Range≤1.13

ifm moneo_for_micosoft_windowsRange≤1.13

[
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance QVA200",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.13",
        "status": "affected",
        "version": "0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance QHA210",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.13",
        "status": "affected",
        "version": "0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moneo appliance QHA300",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.13",
        "status": "affected",
        "version": "0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moneo for Micosoft Windows",
    "vendor": "ifm",
    "versions": [
      {
        "lessThanOrEqual": "1.13",
        "status": "affected",
        "version": "0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-028

17 Jun 2026 08:15Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.0055

SSVC

CWE-640