Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-RHW5-2J65-GX3V
Vulnerability from github – Published: 2024-12-18 18:30 – Updated: 2024-12-18 18:30
VLAI?
Details
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2024-12373"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T16:15:11Z",
"severity": "CRITICAL"
},
"details": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.",
"id": "GHSA-rhw5-2j65-gx3v",
"modified": "2024-12-18T18:30:52Z",
"published": "2024-12-18T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12373"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
CVE-2024-12373 (GCVE-0-2024-12373)
Vulnerability from cvelistv5 – Published: 2024-12-18 15:38 – Updated: 2024-12-18 19:56
VLAI?
EPSS
Summary
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | PM1k 1408-BC3A-485 |
Affected:
<4.020
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T19:55:51.973126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:56:35.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-BC3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-BC3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TS3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TS3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM3A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM3A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR1A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR2A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003cv4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM1A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM2A-485",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR1A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-TR2A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM1A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM1k 1408-EM2A-ENT",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c4.020"
}
]
}
],
"datePublic": "2024-12-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:38:50.826Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Products\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eAffected firmware revision\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in firmware revision\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-BC3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TS3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM3A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-485\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-485\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-TR2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM1A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003ePM1k 1408-EM2A-ENT\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026lt;4.020\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e4.020\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u0026nbsp; \u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n\u003c4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n\u003c4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"advisory": "SD1714",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-12373",
"datePublished": "2024-12-18T15:38:50.826Z",
"dateReserved": "2024-12-09T17:50:55.398Z",
"dateUpdated": "2024-12-18T19:56:35.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…