{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-41987",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
                        "cweId": "CWE-352"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "TEM",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Opera Plus FM Family Transmitter",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "35.45"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<span style=\"background-color: rgb(255, 255, 255);\">TEM has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tem-italy.it/en/contacts/\">TEM</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;for additional information.</span>\n\n<br>"
                }
            ],
            "value": "TEM has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact TEM (https://www.tem-italy.it/en/contacts/) for additional information."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "CISA discovered a public Proof of Concept (PoC) as authored by Gjoko Krstic and reported it to TEM."
        }
    ]
}