Low Privileged Remote Attacker Can Modify BACNet Service Properties, Leading to Denial of Service
CVE-2024-41974

7.1HIGH

Key Information:

Vendor: Wago
Status: Cc100 0751-9x01; Pfc100 G2 0750-811x-xxxx-xxxx; Pfc200 G2 750-821x-xxx-xxx; Tp600 0762-420x/8000-000x
Vendor: CVE Published:; 18 November 2024

What is CVE-2024-41974?

A remote code execution vulnerability exists in the BACNet service of Vendor XYZ that allows low privileged attackers to alter service properties. This flaw arises from improper permission assignments for essential resources. Exploitation of this vulnerability could lead to a denial of service, specifically disrupting BACNet communication, which can affect the operation of systems relying on this protocol. Organizations using affected BACNet versions should review their configurations and apply the necessary defenses to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CC100 0751-9x01 0.0.0 <= 4.5.10 (FW27)

CC100 0751/9x01 0.0.0 <= 04.03.03 (72)

CC100 0751/9x01 0.0.0 <= 04.04.03 (70)

References

https://cert.vde.com/en/advisories/VDE-2024-047

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024

Credit

Diego Giubertoni

Nozomi Networks

JSON

Wago

What is CVE-2024-41974?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.