Voltar

Trimble Cityworks

fevereiro 6º 2025 PUBLISHED RCE

Pontuação da CVSS

Severidade Alta

8.6

Descrição

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

Versões Afetadas

Fornecedor Produto Versão
Trimble Cityworks 0
Trimble Cityworks (with office companion) 0

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?