{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12372", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-12-09T17:50:51.305Z", "datePublished": "2024-12-18T15:28:25.266Z", "dateUpdated": "2024-12-18T19:58:03.337Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PM1k 1408-BC3A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-BC3A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TS3A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TS3A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM3A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM3A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TR1A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TR2A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<v4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM1A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM2A-485", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TR1A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-TR2A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM1A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}, {"defaultStatus": "unaffected", "product": "PM1k 1408-EM2A-ENT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<4.020"}]}], "datePublic": "2024-12-17T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.</span>\n\n<br>"}], "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-12-18T15:34:48.191Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td><p>Affected Products</p></td><td><p>Affected firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>PM1k 1408-BC3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-BC3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-485<b></b></p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr></tbody></table>\n\n<br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. &nbsp; </p><p>\u00b7 &nbsp; &nbsp; &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>"}], "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n<4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"advisory": "SD1714", "discovery": "EXTERNAL"}, "title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-18T19:57:17.324443Z", "id": "CVE-2024-12372", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T19:58:03.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-18T19:57:17.324443Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T19:57:58.869Z"}}], "cna": {"title": "Rockwell Automation PowerMonitor\u2122 1000 Denial of Service", "source": {"advisory": "SD1714", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "PM1k 1408-BC3A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-BC3A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TS3A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TS3A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM3A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM3A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TR1A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TR2A-485", "versions": [{"status": "affected", "version": "<v4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM1A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM2A-485", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TR1A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-TR2A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM1A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "PM1k 1408-EM2A-ENT", "versions": [{"status": "affected", "version": "<4.020"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n<4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td><p>Affected Products</p></td><td><p>Affected firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>PM1k 1408-BC3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-BC3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-485<b></b></p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr></tbody></table>\n\n<br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. &nbsp; </p><p>\u00b7 &nbsp; &nbsp; &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>", "base64": false}]}], "datePublic": "2024-12-17T14:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.</span>\n\n<br>", "base64": false}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-12-18T15:34:48.191Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12372", "state": "PUBLISHED", "dateUpdated": "2024-12-18T19:58:03.337Z", "dateReserved": "2024-12-09T17:50:51.305Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-12-18T15:28:25.266Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack."}], "id": "CVE-2024-12372", "lastModified": "2024-12-18T20:15:22.167", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-12-18T16:15:11.050", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}