Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-rhw5-2j65-gx3v
Vulnerability from github
Published
2024-12-18 18:30
Modified
2024-12-18 18:30
Severity ?
VLAI Severity ?
Details
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2024-12373"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T16:15:11Z",
"severity": "CRITICAL"
},
"details": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.",
"id": "GHSA-rhw5-2j65-gx3v",
"modified": "2024-12-18T18:30:52Z",
"published": "2024-12-18T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12373"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
CVE-2024-12373 (GCVE-0-2024-12373)
Vulnerability from cvelistv5
Published
2024-12-18 15:38
Modified
2024-12-18 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | PM1k 1408-BC3A-485 |
Version: <4.020 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T19:55:51.973126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:56:35.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-BC3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-BC3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TS3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TS3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR1A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR2A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003cv4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM1A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM2A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR1A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR2A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM1A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM2A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
}
],
"datePublic": "2024-12-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:38:50.826Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"advisory": "SD1714",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-12373",
"datePublished": "2024-12-18T15:38:50.826Z",
"dateReserved": "2024-12-09T17:50:55.398Z",
"dateUpdated": "2024-12-18T19:56:35.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…