THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-31484

Reserved:2024-04-04
Published:2024-05-14
Updated:2024-05-15

Description

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.



HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-170: Improper Null Termination

Product status

Default status
unknown

Any version before V16.41
affected

Default status
unknown

Any version before V5.30
affected

References

https://cert-portal.siemens.com/productcert/html/ssa-871704.html

cve.org CVE-2024-31484

nvd.nist.gov CVE-2024-31484

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-31484