When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
History

Mon, 19 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
Description When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
Title PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-08-16T14:57:51.023Z

Updated: 2024-08-19T17:32:48.721Z

Reserved: 2024-06-17T21:40:20.832Z

Link: CVE-2024-6098

cve-icon Vulnrichment

Updated: 2024-08-19T17:32:41.984Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-16T15:15:31.737

Modified: 2024-08-19T13:00:23.117

Link: CVE-2024-6098

cve-icon Redhat

No data.