CVE-2024-12372: Rockwell Automation PowerMonitor™ 1000 Denial of Service

9.3 CVSS

Description

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of heap memory, which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.

Classification

CVE ID: CVE-2024-12372

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

Affected Products

Vendor: Rockwell Automation

Product: PM1k 1408-BC3A-485

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html

Timeline