CVE-2024-23814
Severity
6.9 MEDIUM
EPSS
0.3%
top 49.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 11
Description
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service; other communication services are not affected. Affected devices will resume normal operation after the attack terminates.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Packages
135 packages
Vulnerability Details (2)
CVEList
CVE-2024-23814: The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially
2025-02-11
GHSA
GHSA-gx9r-288j-7947: A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3
2025-02-11