CVE-2024-9787 - Vulnerability Details

A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ccontrols	Basrouter Bacnet Basrt-b Basrouter Bacnet Basrt-b Firmware
Contemporary Control System	Basrouter Bacnet Basrt-b

Configuration 1 [-]

AND

cpe:2.3:o:ccontrols:basrouter_bacnet_basrt-b_firmware:2.7.2:*:*:*:*:*:*:*

cpe:2.3:h:ccontrols:basrouter_bacnet_basrt-b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/isZzzz/BASRT-B_BriefDoS_Document/blob/main/report.md
https://vuldb.com/?ctiid.279939
https://vuldb.com/?id.279939
https://vuldb.com/?submit.414499

History

Mon, 25 Nov 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ccontrols Ccontrols basrouter Bacnet Basrt-b Ccontrols basrouter Bacnet Basrt-b Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:ccontrols:basrouter_bacnet_basrt-b:-:::::::* cpe:2.3:o:ccontrols:basrouter_bacnet_basrt-b_firmware:2.7.2:::::::*
Vendors & Products		Ccontrols Ccontrols basrouter Bacnet Basrt-b Ccontrols basrouter Bacnet Basrt-b Firmware

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Contemporary Control System Contemporary Control System basrouter Bacnet Basrt-b
CPEs		cpe:2.3:h:contemporary_control_system:basrouter_bacnet_basrt-b:2.7.2:::::::*
Vendors & Products		Contemporary Control System Contemporary Control System basrouter Bacnet Basrt-b
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 10 Oct 2024 13:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service
Weaknesses		CWE-404
References		https://github.com/isZzzz/BASRT-B_BriefDoS_Document/blob/main/report.md https://vuldb.com/?ctiid.279939 https://vuldb.com/?id.279939 https://vuldb.com/?submit.414499
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-10T13:31:03.961Z

Updated: 2024-10-11T16:56:57.432Z

Reserved: 2024-10-10T06:37:16.551Z

Link: CVE-2024-9787

Vulnrichment

Updated: 2024-10-11T16:56:53.461Z

NVD

Status : Analyzed

Published: 2024-10-10T14:15:06.243

Modified: 2024-11-25T17:39:02.310

Link: CVE-2024-9787

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object