PT-2024-31437 · Shanghai Sunfull Automation · Shanghai Sunfull Automation Bacnet Server Hmi1002-Arm

Iszzzzz

Published

2024-05-05

Updated

2024-06-04

CVE-2024-4511

CVSS v2.0

5.8

Medium

Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Shanghai Sunfull Automation BACnet Server HMI1002-ARM version 2.0.4

Description A critical vulnerability has been found in the Message Handler component of the software, leading to a buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For version 2.0.4, as a temporary workaround, consider disabling the Message Handler component until a patch is available. Restrict access to the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2024-4511

Affected Products

Shanghai Sunfull Automation Bacnet Server Hmi1002-Arm

PT-2024-31437 · Shanghai Sunfull Automation · Shanghai Sunfull Automation Bacnet Server Hmi1002-Arm

CVE-2024-4511

Weakness Enumeration

Related Identifiers

Affected Products

References · 9