CVE-2024-26001

PHOENIX CONTACT: Out of bounds write only memory access

CVSS 7.4 HIGHEPSS 0.9%CWE-787

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected products

PHOENIX CONTACT · CHARX SEC-3000 PHOENIX CONTACT · CHARX SEC-3050 PHOENIX CONTACT · CHARX SEC-3100 PHOENIX CONTACT · CHARX SEC-3150

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert.vde.com/en/advisories/VDE-2024-011