Vulnetix
Try Vulnetix Request Demo
CVE-2024-8175 PUBLISHED CVSS 7.5 HIGH

The AC500 V3 web server, implemented by the CmpWebServer component, is an optional part of the runtime system. It is used by the AC500 V3 WebVisu to display visualization screens in a web browser. The AC500 V3 web server supports both the HTTP and HTTPS protocols. Because the AC500 V3 web server does not correctly check the return value of an underlying function, it reacts in a wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This causes the AC500 V3 web server to access invalid memory and the web server task to crash.

EPSS 0.89% · 75.4th percentile

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.89%
75.4th percentile

Affected Products

VendorProductVersions
ABBAC500 V3 products (PM5xxx) < 3.8.0

Timeline

References

Open in Interactive Console →