CVE-2024-12373 – Rockwell Automation PowerMonitor™ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12373
18 Dec 2024 — A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer overflow, potentially causing denial-of-service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-12372 – Rockwell Automation PowerMonitor™ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
18 Dec 2024 — A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12371 – Rockwell Automation PowerMonitor™ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
18 Dec 2024 — A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via the API. The Policyholder user is the most privileged user and can perform edit operations, create admin users and perform a factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function