CVE-2024-38355 — Vulnetix

CVE-2024-38355 PUBLISHED

Es besteht eine Schwachstelle in Siemens SIMATIC WinCC. Dieser Fehler existiert in der Komponente Socket.IO aufgrund einer unsachgemäßen Eingabevalidierung, die zu einer nicht abgefangenen Ausnahme führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.

EPSS 0.14% · 33.3th percentile

Risk Scores

EPSS Score

0.14%

33.3th percentile

Affected Products

Vendor	Product	Versions
Siemens	Siemens SIMATIC WinCC Runtime Professional V17
Siemens	Siemens SIMATIC WinCC Runtime Professional V20
Siemens	Siemens SIMATIC WinCC 7.5
Siemens	Siemens SIMATIC WinCC 8.0
Siemens	Siemens SIMATIC WinCC Runtime Professional V19
Siemens	Siemens SIMATIC WinCC 7.4
Siemens	Siemens SIMATIC WinCC Runtime Professional V18

Exploit Intelligence

Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc-repo)
Proof of concept of CVE-2024-47554 (github-poc)

…and 20 more exploits

Timeline

Jan 21, 1970 Security Advisory
Jun 19, 2024 CVE Published
Jun 20, 2024 EPSS Score
Jul 13, 2024 EPSS Score
Aug 4, 2024 EPSS Score
Aug 27, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 11, 2024 EPSS Score
Nov 3, 2024 EPSS Score
Nov 18, 2024 CVE Updated
Nov 26, 2024 EPSS Score

References

Open in Interactive Console →