Denial of Service Vulnerability in Contemporary Controls BASrouter BACnet
CVE-2024-4292

6.5MEDIUM

Key Information:

Vendor

Contemporary Controls

Status
Basrouter Bacnet Basrt-b
Vendor
CVE Published:
27 April 2024

Badges

👾 Exploit Exists

What is CVE-2024-4292?

A significant vulnerability has been identified in the Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. The issue resides within the Device-Communication-Control Service component and is triggered by a specific input manipulation, leading to a Denial of Service condition. This security flaw allows attackers to disrupt the device's normal function, rendering it unresponsive. It has been publicly disclosed and poses a risk to users who have not yet implemented mitigation strategies. Early contact with the vendor for information on this issue has gone unanswered, highlighting an urgent need for affected users to take immediate precautions.

Affected Version(s)

BASrouter BACnet BASRT-B 2.7.2

References

https://vuldb.com/?id.262224
vdb-entrytechnical-description
https://vuldb.com/?ctiid.262224
signaturepermissions-required
https://vuldb.com/?submit.320749
third-party-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

isZzzzz (VulDB User)
.