CVE-2024-31484
Published: May 14, 2024
Modified: Feb 13, 2025
CVSS v3.1
7.8
Description
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.
| Vendor | Product | Versions |
|---|---|---|
Siemens | CPC80 Central Processing/Communication | affected 0 - < V16.41 |
Siemens | CPCI85 Central Processing/Communication | affected 0 - < V5.30 |
Siemens | CPCX26 Central Processing/Communication | affected 0 - < V06.02 |
Siemens | ETA4 Ethernet Interface IEC60870-5-104 | affected 0 - < V10.46 |
Siemens | ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 | affected 0 - < V03.27 |
Siemens | PCCX26 Ax 1703 PE, Contr, Communication Element | affected 0 - < V06.05 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now