GSD-2024-26001
Vulnerability from gsd - Updated: 2024-02-15 06:02Details
An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-26001"
],
"details": "An unauthenticated remote attacker can write\u00a0memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. \n",
"id": "GSD-2024-26001",
"modified": "2024-02-15T06:02:25.126217Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2024-26001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.5.0"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.5.0"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.5.0"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "PHOENIX CONTACT"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Peter Geissler"
},
{
"lang": "en",
"value": "Rick De Jager"
},
{
"lang": "en",
"value": "Carlo Meijer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated remote attacker can write\u00a0memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. \n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2024-011",
"refsource": "MISC",
"url": "https://cert.vde.com/en/advisories/VDE-2024-011"
}
]
},
"source": {
"advisory": "VDE-2024-011",
"defect": [
"CERT@VDE#64650"
],
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can write\u00a0memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. \n"
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede escribir memoria fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta en la pila MQTT. El ataque de fuerza bruta no siempre tiene \u00e9xito debido a la aleatorizaci\u00f3n de la memoria."
}
],
"id": "CVE-2024-26001",
"lastModified": "2024-03-12T12:40:13.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T09:15:08.730",
"references": [
{
"source": "info@cert.vde.com",
"url": "https://cert.vde.com/en/advisories/VDE-2024-011"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…