CVE-2024-26000

PHOENIX CONTACT: Out of bounds read only memory access

CVSS 5.9 MEDIUMEPSS 0.8%CWE-125

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

PHOENIX CONTACT · CHARX SEC-3000 PHOENIX CONTACT · CHARX SEC-3050 PHOENIX CONTACT · CHARX SEC-3100 PHOENIX CONTACT · CHARX SEC-3150

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert.vde.com/en/advisories/VDE-2024-011