CVE-2024-31484

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.

Overview

CVE ID
CVE-2024-31484

Assigner
siemens

Vulnerability Status
PUBLISHED

Published Version
2024-05-14T10:02:23.871Z

Last Modified Date
2024-06-11T14:20:34.512Z

Weakness Enumerations

CWE	URL
CWE-170	http://cwe.mitre.org/data/definitions/170.html

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/html/ssa-871704.html
https://cert-portal.siemens.com/productcert/html/ssa-620338.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-31484
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31484

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 00:12:24				Added to TrackCVE