CVE-2024-7113
published 2024-08-13CVE-2024-7113: If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of…
PriorityP344high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.50%
38.9th percentile
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | application_server | <= 2023 R2 P01 | — |
| aveva | batch_management | <= 2023 | — |
| aveva | communication_drivers_pack | <= 2023 R2 | — |
| aveva | historian | <= 2023 R2 P01 | — |
| aveva | intouch | <= 2023 R2 P01 | — |
| aveva | suitelink_server | <= 3.7.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
AVEVA SuiteLink Server
cisa_ics·2024-08-13·CVSS 8.7
[HIGH] AVEVA SuiteLink Server
ICS Advisory
##
AVEVA SuiteLink Server
Release DateAugust 13, 2024
Alert CodeICSA-24-226-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AVEVA
- Equipment: SuiteLink Server
- Vulnerability: Allocation of Resources Without Limits or Throttling
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following AVEVA products with AVEVA SuiteLink Server installed, are affected:
- SuiteLink:
GHSA
GHSA-jj5m-2m9j-hxjw: If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the dur
ghsa_unreviewed·2024-08-13
CVE-2024-7113 [HIGH] CWE-770 GHSA-jj5m-2m9j-hxjw: If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the dur
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-13
Published