FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-41968

Missing Authentication for Critical Function (CWE-306)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 5.4EPSS 0.04%Medium
CVE info copied to clipboard

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-41968

Nov 18, 2024 at 9:15 AM
CVSS

A CVSS base score of 5.4 has been assigned.

Nov 18, 2024 at 9:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-41968. See article

Nov 18, 2024 at 9:22 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 18, 2024 at 9:34 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 9:34 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 14.7%)

Nov 19, 2024 at 9:42 AM
Static CVE Timeline Graph

Affected Systems

Wago/edge_controller
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

Medium - CVE-2024-41968 - A low privileged remote attacker may modify the...
Security-Database Alerts Monitor : Last 100 Alerts / 1d
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
WAGO: Multiple vulnerabilities in WAGO Firmware 04.05.10 (FW 27)
CERT@VDE Advisory Feed / 1d
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices. The identified vulnerabilities could lead to a denial-of-service attack or alter of the firmware and docker configuration.
CVE-2024-41968 - Docker CVE: Unauthenticated DoS Via settings Modification
Latest Vulnerabilities / 1d
CVE ID : CVE-2024-41968 Published : Nov. 18, 2024, 9:15 a.m. 53 minutes ago Description : A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. Severity: 5.4 MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
WAGO: Docker Settings Manipulation in Multiple DevicesA low privileged remote...
CVE - NEW | THREATINT / 1d
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
CVE-2024-41968 | WAGO CC100 0751-9x01 Docker Settings Setup missing authentication (VDE-2024-047)
VulDB Recent Entries / 1d
A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303, 8000-0002, PFC100 G1 0750-810x, xxxx-xxxx and PFC200 G1 750-820x-xxx-xxx and classified as critical . Affected by this issue is some unknown functionality of the component Docker Settings Setup . The manipulation leads to missing authentication. This vulnerability is handled as CVE-2024-41968 . The attack may be launched remotely. There is no exploit available.
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:Low
Availability Impact:Low

Categories

CVSS 5.4(34617)CWE-306(1267)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial