fkie_nvd - fkie_cve-2024-12650

FKIE_CVE-2024-12650

Vulnerability from fkie_nvd - Published: 2025-03-05 12:15 - Updated: 2025-03-05 12:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Summary

An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.

References

	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2025-004

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications."
    },
    {
      "lang": "es",
      "value": "Un atacante con pocos privilegios puede manipular el tama\u00f1o de memoria solicitado, lo que hace que la aplicaci\u00f3n utilice un \u00e1rea de memoria no v\u00e1lida. Esto podr\u00eda provocar un bloqueo de la aplicaci\u00f3n, pero no afecta a otras aplicaciones."
    }
  ],
  "id": "CVE-2024-12650",
  "lastModified": "2025-03-05T12:15:34.803",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-05T12:15:34.803",
  "references": [
    {
      "source": "info@cert.vde.com",
      "url": "https://cert.vde.com/en/advisories/VDE-2025-004"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-252"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-12650 (GCVE-0-2024-12650)

Vulnerability from cvelistv5 – Published: 2025-03-05 11:46 – Updated: 2025-03-05 14:12

Summary

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-252 - Unchecked Return Value

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en/advisories/VDE-2025-004

Impacted products

Vendor

Product

Version

WAGO

CC100 0751-9x01

Affected: 0 , < 04.07.01 (semver)

WAGO	CC100 0751-9x01	Affected: 0 , < 04.07.01 (semver)
WAGO	Edge Controller 0752-8303/8000-0002	Affected: 0 , < 04.07.01 (semver)
WAGO	Edge Controller 0752-8303/8000-0002	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G1 0750-810x/xxxx-xxxx	Affected: 0 , < 3.10.11 (semver)
WAGO	PFC100 G1 0750-810x/xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G2 0750-811x-xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC100 G2 0750-811x-xxxx-xxxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G1 750-820x-xxx-xxx	Affected: 0 , < 3.10.11 (semver)
WAGO	PFC200 G1 750-820x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G2 750-821x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	PFC200 G2 750-821x-xxx-xxx	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-420x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-420x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-430x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-430x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-520x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-520x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-530x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-530x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-620x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-620x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-630x/8000-000x	Affected: 0 , < 04.07.01 (semver)
WAGO	TP600 0762-630x/8000-000x	Affected: 0 , < 04.07.01 (semver)

Credits

Gabriele Quagliarella from Nozomi Networks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T14:11:34.419639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T14:12:02.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications.\u003c/p\u003e"
            }
          ],
          "value": "An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-05T11:46:15.486Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2025-004"
        }
      ],
      "source": {
        "advisory": "VDE-2025-004",
        "defect": [
          "CERT@VDE#641731"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wago: Vulnerability in libwagosnmp",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-12650",
    "datePublished": "2025-03-05T11:46:15.486Z",
    "dateReserved": "2024-12-16T07:37:06.620Z",
    "dateUpdated": "2025-03-05T14:12:02.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-12650

CVE-2024-12650 (GCVE-0-2024-12650)

Tags

Sightings

Nomenclature