CVE-2024-22079: n/a
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.
AI Analysis
Technical Summary
CVE-2024-22079 identifies a directory traversal vulnerability in Elspec G5 digital fault recorders, specifically versions 1.1.4.15 and earlier. The vulnerability arises from insufficient validation of input parameters in the system logs download functionality, enabling attackers to traverse directories and retrieve arbitrary files outside the intended log directory. This type of vulnerability is classified under CWE-24 (Improper Restriction of File Name in a Pathname). The CVSS 3.1 base score of 7.5 reflects a network attack vector with low attack complexity, no privileges required, and no user interaction needed. The impact is primarily on confidentiality, as attackers can access sensitive files, potentially including configuration files, credentials, or other critical data stored on the device. There is no direct impact on integrity or availability: the vulnerability does not let an attacker modify data or disrupt the device’s operation. The Elspec G5 digital fault recorder is used in electrical power systems for fault analysis and event recording, making the confidentiality of its data important for operational security. No patches or fixes have been published at the time of disclosure, and no active exploitation has been reported, but the vulnerability’s nature makes it a candidate for future exploitation by threat actors targeting critical infrastructure.
Potential Impact
The primary impact of CVE-2024-22079 is unauthorized disclosure of sensitive information stored on Elspec G5 digital fault recorders. Attackers exploiting this vulnerability can access system files that may contain configuration details, user credentials, or operational logs. Such information disclosure can facilitate further attacks, including lateral movement within industrial control systems or disruption of power grid operations. Although the vulnerability does not allow modification or disruption of device functionality, the exposure of sensitive data can undermine the security posture of critical infrastructure operators. Organizations relying on these devices for fault recording and analysis in electrical grids face risks of espionage, data leakage, and potential preparation for more damaging attacks. The lack of authentication and user interaction requirements increases the risk of automated scanning and exploitation attempts, especially in environments where these devices are accessible from less trusted networks.
Mitigation Recommendations
Until an official patch is released, organizations should implement network-level controls to restrict access to Elspec G5 digital fault recorders. This includes isolating these devices within secure network segments, applying strict firewall rules to limit access to trusted management hosts, and disabling or restricting the logs download feature if possible. Monitoring network traffic for unusual access patterns to the logs download endpoint can help detect exploitation attempts. Employing intrusion detection or prevention systems with custom signatures targeting directory traversal attempts against these devices is advisable. Additionally, organizations should conduct thorough audits of device configurations and logs to identify any unauthorized access. Coordination with Elspec for timely patch deployment is critical once updates become available. Finally, incorporating these devices into a broader industrial control system security framework with regular vulnerability assessments will reduce exposure.
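The monitoring recommendation above, as an added example (not code from Elspec or from this advisory): a Python filter over reverse-proxy access logs that flags traversal sequences in requests to the logs download endpoint, including double-encoded and backslash variants. The endpoint path `/logs/download`, the access-log format and the sample lines are assumptions constructed for illustration; the advisory does not name the real endpoint or parameter.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Assumption: hypothetical placeholder, the advisory does not name the endpoint.
LOG_DOWNLOAD_PATH = "/logs/download"
# Assumption: proxy writes Common Log Format style lines.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=4):
    """URL-decode repeatedly so double or triple encoding cannot hide '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value climbs directories or is an absolute path."""
    decoded = fully_decode(value).replace("\\", "/")
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:/", decoded):
        return True
    return ".." in decoded.split("/")

def suspicious_requests(lines):
    """Return (source, request target, HTTP status) for flagged requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = fully_decode(url.path)
        if path != LOG_DOWNLOAD_PATH and not path.startswith(LOG_DOWNLOAD_PATH + "/"):
            continue
        # Check both the path remainder and every query parameter value.
        candidates = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
        candidates.append(path[len(LOG_DOWNLOAD_PATH):].lstrip("/"))
        if any(has_traversal(c) for c in candidates if c):
            hits.append((m["src"], m["target"], int(m["status"])))
    return hits

SAMPLE_LINES = [  # constructed sample data, not captured traffic
    '10.0.5.20 - - [01/Jan/2024:10:00:00 +0000] "GET /logs/download?file=system.log HTTP/1.1" 200 5120',
    '10.0.9.77 - - [01/Jan/2024:10:00:05 +0000] "GET /logs/download?file=..%2f..%2fexample.txt HTTP/1.1" 200 312',
    '10.0.9.77 - - [01/Jan/2024:10:00:06 +0000] "GET /logs/download?file=%252e%252e%255cconfig.xml HTTP/1.1" 404 0',
    '10.0.9.77 - - [01/Jan/2024:10:00:07 +0000] "GET /logs/download/%2e%2e/%2e%2e/example.txt HTTP/1.1" 403 0',
    '10.0.5.20 - - [01/Jan/2024:10:00:09 +0000] "GET /status HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for src, target, status in suspicious_requests(SAMPLE_LINES):
        print(f"{src} status={status} {target}")
```

A flagged request that returned status 200 deserves triage first, since it may mean a file outside the log directory was actually served.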
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-05T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d49b7ef31ef0b56ffbf
Added to database: 2/25/2026, 9:44:41 PM
Last enriched: 2/28/2026, 9:09:04 AM
Last updated: 4/12/2026, 7:53:42 AM