5.9

CVE-2024-6098

When performing an online tag generation to devices which communicate 
using the ControlLogix protocol, a machine-in-the-middle, or a device 
that is not configured correctly, could deliver a response leading to 
unrestricted or unregulated resource allocation. This could cause a 
denial-of-service condition and crash the Kepware application. By 
default, these functions are turned off, yet they remain accessible for 
users who recognize and require their advantages.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorPTC
Product Kepware ThingWorx Kepware Server
Default Statusunaffected
Version V6
Status affected
VendorPTC
Product Kepware KEPServerEX
Default Statusunaffected
Version V6
Status affected
VendorSoftware Toolbox
Product TOP Server
Default Statusunaffected
Version V6
Status affected
VendorGE
Product IGS
Default Statusunaffected
Version V7.6x
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.153
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
ics-cert@hq.dhs.gov 5.9 0 0
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.