CVE Published: 16/08/2024 |
CVE Updated: 19/08/2024 |
CVE Year: 2024 Source: icscert |
Vendor: PTC |
Product: Kepware ThingWorx Kepware Server Status : PUBLISHED
CVE-2024-6098 Description
When performing an online tag generation to devices which communicate
using the ControlLogix protocol, a machine-in-the-middle, or a device
that is not configured correctly, could deliver a response leading to
unrestricted or unregulated resource allocation. This could cause a
denial-of-service condition and crash the Kepware application. By
default, these functions are turned off, yet they remain accessible for
users who recognize and require their advantages.
Metrics
CVSS Version: 3.1 |
Base Score: 5.3 MEDIUM Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H