CVE-2024-8419

Summary

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Affected Software

VendorProductVersion RangeStatus
ifm electronic GmbHifm Smart PLC AC402s4.04 < 4.3.17affected
ifm electronic GmbHifm Smart PLC AC402s6.1.8affected
ifm electronic GmbHifm Smart PLC AC422s4.04 < 4.3.17affected
ifm electronic GmbHifm Smart PLC AC422s6.1.8affected
ifm electronic GmbHifm Smart PLC AC424s4.04 < 4.3.17affected
ifm electronic GmbHifm Smart PLC AC424s6.1.8affected
ifm electronic GmbHifm Smart PLC AC432s4.04 < 4.3.17affected
ifm electronic GmbHifm Smart PLC AC432s6.1.8affected
ifm electronic GmbHifm Smart PLC AC434s4.04 < 4.3.17affected
ifm electronic GmbHifm Smart PLC AC434s6.1.8affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References