Buffer Overflow Vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL
CVE-2024-45064
What is CVE-2024-45064?
CVE-2024-45064 is a buffer overflow vulnerability affecting STMicroelectronics' X-CUBE-AZRTOS-WL version 2.0.0, an extension for the Azure RTOS ecosystem designed for lightweight and secure IoT solutions. The vulnerability lies in the internal RAM interface functionality of the FileX component, where an attacker could use specially crafted network packets to overflow the buffer and potentially execute arbitrary code on the affected system. Exploitation could lead to unauthorized access, system compromise, and manipulation of device functions, posing serious risks to organizations that rely on secure and efficient operation of their IoT environments.
Potential impact of CVE-2024-45064
- Remote Code Execution: The buffer overflow vulnerability allows attackers to execute arbitrary code on devices running X-CUBE-AZRTOS-WL, which can lead to full control over the device and its operations.
- Data Integrity and Confidentiality Risks: Exploitation of this vulnerability can compromise sensitive data processed or stored on affected devices, leading to potential data breaches and loss of confidentiality.
- Disruption of IoT Operations: With the ability to execute unauthorized commands, an attacker could disrupt critical operations relying on IoT devices, which could impact business continuity and operational efficiency.
Affected Version(s)
X-CUBE-AZRT-H7RS 1.0.0
X-CUBE-AZRTOS-F4 1.1.0
X-CUBE-AZRTOS-F7 1.1.0