Lucene search

[email protected]CVE-2024-31484

HistoryMay 14, 2024 - 4:16 p.m.

CVE-2024-31484

2024-05-1416:16:50

CWE-170

[email protected]

web.nvd.nist.gov

vulnerability

cpc80

cpci85

http header

denial of service

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "CPC80 Central Processing/Communication",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V16.41",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "CPCI85 Central Processing/Communication",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V5.30",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-871704.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

Related for CVE-2024-31484

nvd1 cvelist1 ics1