{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50594", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-10-25T19:20:51.679Z", "datePublished": "2025-04-02T13:41:56.253Z", "dateUpdated": "2025-04-02T14:58:46.936Z"}, "containers": {"cna": {"affected": [{"vendor": "STMicroelectronics", "product": "X-CUBE-AZRT-H7RS", "versions": [{"version": "1.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F4", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F7", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G0", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G4", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-H7", "versions": [{"version": "3.3.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L4", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L5", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WB", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WL", "versions": [{"version": "2.0.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "type": "CWE", "cweId": "CWE-191"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-04-02T13:41:56.253Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T14:58:32.955206Z", "id": "CVE-2024-50594", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:58:46.936Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50594", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T14:58:32.955206Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:58:40.733Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "STMicroelectronics", "product": "X-CUBE-AZRT-H7RS", "versions": [{"status": "affected", "version": "1.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F4", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F7", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G0", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G4", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-H7", "versions": [{"status": "affected", "version": "3.3.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L4", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L5", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WB", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WL", "versions": [{"status": "affected", "version": "2.0.0"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102"}], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-04-02T13:41:56.253Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50594", "state": "PUBLISHED", "dateUpdated": "2025-04-02T14:58:46.936Z", "dateReserved": "2024-10-25T19:20:51.679Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-04-02T13:41:56.253Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C5F8DB8-6A3C-492D-8B9D-2211A3FB2C07", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A69A0188-96F6-40C7-A2BE-8760297E6249", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF242900-643B-444B-9DE7-0373C810EA22", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEE45297-82B1-4E0B-85DF-4A3C4EEC0391", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D14B5944-7E42-45CD-8053-276C8787FC10", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F44785CF-9D3D-44AB-8E92-50C9471C6481", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9B78921-0E36-459A-AC17-94AC6AF8847F", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "58BA08A3-2A44-43CF-8302-082E44D1B070", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "163D6B0F-2A31-401D-A1CD-EC77357767BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CD0D34C-C260-4DC4-99A9-24F4C610C710", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c"}, {"lang": "es", "value": "Existe una vulnerabilidad de bajo flujo de enteros en el servidor HTTP, poner la funcionalidad de solicitud de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Una serie especialmente manipulado de solicitudes de red puede conducir a la negaci\u00f3n del servicio. Un atacante puede enviar una secuencia de paquetes maliciosos para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta la implementaci\u00f3n del servidor HTTP de componente web NetX Duo que se puede encontrar en X-Cube-Azrtos-F7 \\ MiddleWares \\ ST \\ NetXDUO \\ Addons \\ Web \\ nx_web_http_server.c.C"}], "id": "CVE-2024-50594", "lastModified": "2025-09-05T16:21:32.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-02T14:15:43.773", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}

{}