CVE-2024-42418

Avtec Outpost Use of Hard-coded Cryptographic Key

Description

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.

Remediation

Solution:

  • Avtec recommends users update to Outpost v5.0 to resolve the issue.
  • When upgrading to Outpost Version 5.0.0 or later, reset the list of users to the default. More information and instructions can be found in Avtec's Outpost Uploader Utility User Guide: https://connect.avtecinc.com/bundle/Outpost_Uploader_Utility_User_Guide/page/Content/Outpost_User_Guide/Reset_Web_Auth.html
  • Restrict access to port 80 or disable the web interface if possible.

Additionally, Avtec recommends checking devices for Scout firmware versions prior to 5.8.1, which was commonly coupled with Outpost firmware. If such versions are found, the devices may also need to be updated to the latest firmware. For more information, see the Scout Release Notes: https://connect.avtecinc.com/bundle/Scout_Release_Notes_5_8/resource/Release_Notes_Scout.pdf

Category

CVSS: 8.7
Severity: High
EPSS 0.12%
Third-Party Advisory cisa.gov
Affected: Avtec Outpost 0810
Affected: Avtec Outpost Uploader Utility

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-04 (tags: third party advisory, US government resource)

Frequently Asked Questions

What is the severity of CVE-2024-42418?
CVE-2024-42418 has been scored as a high severity vulnerability.
How to fix CVE-2024-42418?
To fix CVE-2024-42418:

  • Avtec recommends users update to Outpost v5.0 to resolve the issue.
  • When upgrading to Outpost Version 5.0.0 or later, reset the list of users to the default. More information and instructions can be found in Avtec's Outpost Uploader Utility User Guide: https://connect.avtecinc.com/bundle/Outpost_Uploader_Utility_User_Guide/page/Content/Outpost_User_Guide/Reset_Web_Auth.html
  • Restrict access to port 80 or disable the web interface if possible.

Additionally, Avtec recommends checking devices for Scout firmware versions prior to 5.8.1, which was commonly coupled with Outpost firmware. If such versions are found, the devices may also need to be updated to the latest firmware. For more information, see the Scout Release Notes: https://connect.avtecinc.com/bundle/Scout_Release_Notes_5_8/resource/Release_Notes_Scout.pdf
Is CVE-2024-42418 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-42418 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42418?
CVE-2024-42418 affects Avtec Outpost 0810 and Avtec Outpost Uploader Utility.