CVE-2024-3871
Published 2024-04-16
Priority: P272, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.70% (74.3th percentile)
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities.
Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices.
This issue affects DVW-W02W2-E2 through version 2.5.2.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltra_electronics | dvw-w02w2-e2 | <= 2.5.2 | — |
Detection & IOCs (extracted from sources)
- Monitor for crashes of the UPSMONProSer.exe service process, which may indicate active exploitation attempts of the stack-based buffer overflow via UDP port 2601.
- Detect and alert on oversized UDP packets destined for port 2601, which is the attack vector for triggering the stack buffer overflow.
- Any UDP traffic to port 2601 on hosts running Appleton UPSMON-PRO (versions 2.6 and prior) from untrusted network segments should be treated as suspicious.
- The vulnerable service (UPSMONProService) listens on UDP port 2601 by default. This port must be blocked at the firewall for all UPSMON-PRO installations to prevent remote exploitation.
- Appleton UPSMON-PRO is End of Life and unsupported by Emerson; no patch is available. Mitigation relies entirely on network controls or product replacement.
- Successful exploitation grants SYSTEM-level privileges to the attacker, making network isolation of UPS monitoring networks from corporate networks a critical compensating control.
CISA ICS
Emerson Appleton UPSMON-PRO
cisa_ics·2025-11-20·CVSS 9.8
[CRITICAL] Emerson Appleton UPSMON-PRO
ICS Advisory
## Emerson Appleton UPSMON-PRO
Release Date: November 20, 2025
Alert Code: ICSA-25-324-06
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Emerson
- Equipment: Appleton UPSMON-PRO
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Emerson products are affected:
- Appleton UPSMON-PRO: Versions 2.6 and prior
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 STACK-BASED BUFFER O
GHSA
GHSA-3rp3-24hq-749r: The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users
ghsa_unreviewed·2024-04-16
CVE-2024-3871 [HIGH] CWE-120 GHSA-3rp3-24hq-749r: The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements two features (access control lists management, WPS pin setup) that are affected by command injection and stack overflow vulnerabilities.
Successful exploitation of these flaws would allow remote authenticated attackers to gain remote command execution with elevated privileges on the affected devices.
This issue affects DVW-W02W2-E2 through version 2.5.2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.