Incorrect Buffer Size Calculation in Schneider Electric's Webserver Product
CVE-2024-11425

8.7HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety); Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s); Bmenor2200h; Evlink Pro Ac
Vendor: CVE Published:; 17 January 2025

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2024-11425?

A vulnerability exists in Schneider Electric's webserver that allows an unauthenticated user to send a specially crafted HTTPS packet, which can lead to a Denial-of-Service condition. This issue highlights improper buffer size calculations, enabling attackers to exploit the webserver, potentially rendering it inoperable. It is crucial for users to evaluate their systems and apply appropriate mitigations to safeguard against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BMENOR2200H All Versions

EVLink Pro AC Versions prior to v1.3.10

Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) Versions prior to SV4.30

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Nov 19, 2024

JSON

Schneider Electric

What is CVE-2024-11425?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.