CVE-2024-31484

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-170
View all →

Vulnerability Description

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition.

Related Vulnerabilities

CVE-2019-11044

HIGH
CVSS:7.5(High)

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to...

CWE-1702019

CVE-2022-47515

HIGH
CVSS:7.5(High)

An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.

CWE-1702022

CVE-2023-24021

HIGH
CVSS:7.5(High)

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules ...

CWE-1702023

CVE-2023-36906

HIGH
CVSS:7.5(High)

Windows Cryptographic Services Information Disclosure Vulnerability

CWE-1702023

CVE-2023-36907

HIGH
CVSS:7.5(High)

Windows Cryptographic Services Information Disclosure Vulnerability

CWE-1702023