CVE-2024-45825
Improper Input Validation (CWE-20)
Summary
A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
Impact
This vulnerability allows an attacker to cause a denial-of-service condition in the affected device. The attack can be launched remotely over the network without requiring any user interaction or privileges. When exploited, it results in a major nonrecoverable fault that completely disrupts the availability of the device, potentially causing significant operational downtime.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
Based on the provided information, there is no mention of an available patch for this vulnerability.
Mitigation
As no specific mitigation strategies are mentioned in the provided data, general recommendations would include: 1. Implement network segmentation to limit access to affected devices. 2. Use firewalls or access control lists to restrict network access to trusted sources only. 3. Monitor network traffic for suspicious or malformed CIP packets. 4. Keep the affected systems updated with the latest security patches when they become available. 5. Have a robust incident response plan in place to quickly recover from potential denial-of-service attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
NVD published the first details for CVE-2024-45825
Feedly found the first article mentioning CVE-2024-45825. See article
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.04% (Percentile: 9.6%)
A CVSS base score of 7.5 has been assigned.