CVE-2024-12373 – Rockwell Automation PowerMonitorâ„¢ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12373
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-12372 – Rockwell Automation PowerMonitorâ„¢ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12371 – Rockwell Automation PowerMonitorâ„¢ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •