PT-2024-1508 · Se Elektronic Gmbh · E-Ddc3.3
Carlos Antonini · Published 2024-01-29 · Updated 2025-01-03
CVE-2024-1014
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SE-elektronic GmbH E-DDC3.3 versions 03.07.03 and higher
Description
The issue is related to uncontrolled resource consumption in the web interface of the E-DDC3.3 automation station software. This could allow a remote attacker to cause a denial of service by sending multiple ICMP packets, interrupting the availability of the administration panel.
Recommendations
For versions 03.07.03 and higher, consider restricting access to the administration panel to minimize the risk of exploitation until a patch is available.
As a temporary workaround, limit the number of ICMP packets that can be sent to the device to prevent uncontrolled resource consumption.
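One way to apply both recommendations on a Linux gateway that forwards traffic to the device, shown as an added example that is not part of the advisory and not vendor guidance. The device address, management subnet, web interface ports and rate values are placeholders and assumptions; adjust them to the site.

```nftables
# Constructed example ruleset for a Linux router/firewall in front of the E-DDC3.3.
# Assumptions (not from the advisory):
#   192.0.2.10        placeholder address of the automation station
#   198.51.100.0/24   placeholder management subnet allowed to use the admin panel
#   80, 443           assumed ports of the web interface
table inet eddc_guard {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Workaround: cap ICMP towards the device. Packets above the rate are
        # dropped and counted, so a flood never reaches the device and the
        # counter shows when the limit is being hit.
        ip daddr 192.0.2.10 ip protocol icmp limit rate over 10/second burst 20 packets counter drop

        # Access restriction: only the management subnet may reach the
        # administration panel; everything else is dropped and counted.
        ip daddr 192.0.2.10 tcp dport { 80, 443 } ip saddr != 198.51.100.0/24 counter drop
    }
}
```

Load it with `nft -f <file>` and watch the counters with `nft list table inet eddc_guard` to confirm that legitimate monitoring pings stay under the limit.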
Exploit
Fix
Resource Exhaustion
Code Injection
Related Identifiers
Affected Products
E-Ddc3.3