5.9

CVE-2024-6098

When performing an online tag generation to devices which communicate 
using the ControlLogix protocol, a machine-in-the-middle, or a device 
that is not configured correctly, could deliver a response leading to 
unrestricted or unregulated resource allocation. This could cause a 
denial-of-service condition and crash the Kepware application. By 
default, these functions are turned off, yet they remain accessible for 
users who recognize and require their advantages.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPTC
Produkt Kepware ThingWorx Kepware Server
Default Statusunaffected
Version V6
Status affected
HerstellerPTC
Produkt Kepware KEPServerEX
Default Statusunaffected
Version V6
Status affected
HerstellerSoftware Toolbox
Produkt TOP Server
Default Statusunaffected
Version V6
Status affected
HerstellerGE
Produkt IGS
Default Statusunaffected
Version V7.6x
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
ics-cert@hq.dhs.gov 5.9 0 0
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.