CVE-2024-11425Incorrect Calculation of Buffer Size in Electric Bmenor2200h

CWE-131Incorrect Calculation of Buffer Size3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.3%
top 43.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schneider Electric Bmenor2200hSchneider Electric Evlink PRO ACSchneider Electric Modicon M580 CPU Safety
Timeline
PublishedJan 17

Description

CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5schneider_electric/bmenor2200hAll Versions
CVEListV5schneider_electric/evlink_pro_acVersions prior to v1.3.10
CVEListV5schneider_electric/modicon_m580_cpu_safetyVersions prior to SV4.21

🔴Vulnerability Details

2
GHSA
GHSA-m2f5-73vq-2mp8: CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is s2025-01-17
CVEList
CVE-2024-11425: CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is s2025-01-17
CVE-2024-11425 — Incorrect Calculation of Buffer Size | cvebase