7.5

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Linked by AI from unstructured data to existing NVD CPEs
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
| Vendor | Product | Default Status | Version < | Version | Status |
|---|---|---|---|---|---|
| codesys | control_for_empc-a\/imx6_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_beaglebone_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_iot2000_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_linux_arm_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_linux_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_pfc200_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_plcnext_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_raspberry_pi_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_for_wago_touch_panels_600_sl | unknown | 4.12.0.0 | 0 | affected |
| codesys | control_rte_\(for_beckhoff_cx\)_sl | unknown | 3.5.20.10 | 0 | affected |
| codesys | control_rte_\(sl\) | unknown | 3.5.20.10 | 0 | affected |
| codesys | control_win_\(sl\) | unknown | 3.5.20.10 | 0 | affected |
| codesys | runtime_toolkit | unknown | 3.5.20.10 | 0 | affected |
| codesys | hmi_\(sl\) | unknown | 3.5.20.10 | 0 | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.735 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.