CVE-2024-11425

Summary

CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)Versions prior to SV4.30affected
Schneider ElectricModicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)Versions prior to SV4.21affected
Schneider ElectricBMENOR2200HAll Versionsaffected
Schneider ElectricEVLink Pro ACVersions prior to v1.3.10affected

Weaknesses

  • CWE-131: CWE-131 Incorrect Calculation of Buffer Size

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References