Vulnerability-Lookup - Search a vulnerability

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T19:55:51.973126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T19:56:35.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cv4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:38:50.826Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1714",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-12373",
    "datePublished": "2024-12-18T15:38:50.826Z",
    "dateReserved": "2024-12-09T17:50:55.398Z",
    "dateUpdated": "2024-12-18T19:56:35.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12372 (GCVE-0-2024-12372)

Vulnerability from cvelistv5 – Published: 2024-12-18 15:28 – Updated: 2024-12-18 19:58

Summary

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

Rockwell

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T19:57:17.324443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T19:58:03.337Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cv4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:34:48.191Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1714",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-12372",
    "datePublished": "2024-12-18T15:28:25.266Z",
    "dateReserved": "2024-12-09T17:50:51.305Z",
    "dateUpdated": "2024-12-18T19:58:03.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12371 (GCVE-0-2024-12371)

Vulnerability from cvelistv5 – Published: 2024-12-18 15:23 – Updated: 2024-12-18 19:59

Summary

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

Rockwell

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12371",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T19:58:35.484632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T19:59:35.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cv4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.\u003c/span\u003e"
            }
          ],
          "value": "A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:23:37.736Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1714",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation PowerMonitor\u2122 1000 Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-12371",
    "datePublished": "2024-12-18T15:23:37.736Z",
    "dateReserved": "2024-12-09T17:50:47.624Z",
    "dateUpdated": "2024-12-18T19:59:35.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12373 (GCVE-0-2024-12373)

Vulnerability from nvd – Published: 2024-12-18 15:38 – Updated: 2024-12-18 19:56

Summary

A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

Rockwell

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T19:55:51.973126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T19:56:35.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cv4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:38:50.826Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1714",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-12373",
    "datePublished": "2024-12-18T15:38:50.826Z",
    "dateReserved": "2024-12-09T17:50:55.398Z",
    "dateUpdated": "2024-12-18T19:56:35.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12372 (GCVE-0-2024-12372)

Vulnerability from nvd – Published: 2024-12-18 15:28 – Updated: 2024-12-18 19:58

Summary

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

Rockwell

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T19:57:17.324443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T19:58:03.337Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-BC3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TS3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM3A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cv4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-485",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-TR2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM1A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM1k 1408-EM2A-ENT",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.020"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:34:48.191Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1714",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-12372",
    "datePublished": "2024-12-18T15:28:25.266Z",
    "dateReserved": "2024-12-09T17:50:51.305Z",
    "dateUpdated": "2024-12-18T19:58:03.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12371 (GCVE-0-2024-12371)

Vulnerability from nvd – Published: 2024-12-18 15:23 – Updated: 2024-12-18 19:59

Summary

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.

Severity ?

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

Rockwell

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: <4.020

Rockwell Automation	PM1k 1408-BC3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TS3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM3A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-485	Affected: <v4.020
Rockwell Automation	PM1k 1408-EM1A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-485	Affected: <4.020
Rockwell Automation	PM1k 1408-TR1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-TR2A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM1A-ENT	Affected: <4.020
Rockwell Automation	PM1k 1408-EM2A-ENT	Affected: <4.020

Show details on NVD website