CVE-2024-5000

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5000

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

A

n unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

References
Link Resource
https://cert.vde.com/en/advisories/VDE-2024-026
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download=
https://cert.vde.com/en/advisories/VDE-2024-026
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download=
Configurations

No configuration.

History

21 Nov 2024, 09:46

Type Values Removed Values Added
References () https://cert.vde.com/en/advisories/VDE-2024-026 - () https://cert.vde.com/en/advisories/VDE-2024-026 -
References () https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download= - () https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download= -

04 Jun 2024, 16:57

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-04 09:15

Updated : 2024-11-21 09:46

NVD link : CVE-2024-5000

Mitre link : CVE-2024-5000

CVE.ORG link : CVE-2024-5000

JSON object : View

Products Affected

No product.

CWE
CWE-131

Incorrect Calculation of Buffer Size