Lucene search

K
cve[email protected]CVE-2024-25137
HistoryMar 26, 2024 - 11:15 p.m.

CVE-2024-25137

2024-03-2623:15:46
CWE-121
web.nvd.nist.gov
26
automationdirect
buffer overflow
denial-of-service
stack

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T6CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T7CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA0-T7CL-R",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T8CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T10CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T10WCL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T12CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T15CL",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-T15CL-R",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-RHMI",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "c"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C-MORE EA9 HMI EA9-PGMSW",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "6.77",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-25137