A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.
History

Wed, 27 Nov 2024 21:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-05-14T10:02:23.871Z

Updated: 2024-11-27T21:02:39.703Z

Reserved: 2024-04-04T11:43:06.066Z

Link: CVE-2024-31484

cve-icon Vulnrichment

Updated: 2024-11-27T21:02:39.703Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T16:16:50.260

Modified: 2024-11-27T21:15:07.400

Link: CVE-2024-31484

cve-icon Redhat

No data.