CVE-2024-12372 CRITICAL

CVE-2024-12372: Rockwell Automation PowerMonitor™ 1000 Denial of Service

Vendor Rockwell Automation
Product PM1k 1408-BC3A-485
Published December 18, 2024
Last update December 18, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability corrupts heap memory, which may compromise the integrity of the system and potentially allow remote code execution or a denial-of-service attack.

Key dates

02 Disclosure timeline

December 18, 2024 CVE published
December 18, 2024 Record updated