High severity7.5NVD Advisory· Published Oct 24, 2024· Updated Apr 15, 2026

CVE-2024-6049

Description

The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e. g. .exe or .txt.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2024/Oct/7nvd
lawo.com/lawo-downloads/nvd
r.sec-consult.com/lawonvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.058
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000