1. Home
  2. CVE Database
  3. CVE-2024-6098
MEDIUM · 5.3

CVE-2024-6098

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response...

Vulnerability Description

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Related Weaknesses (CWE)

CWE-770

References

FAQ

What is CVE-2024-6098?

CVE-2024-6098 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response...

How severe is CVE-2024-6098?

CVE-2024-6098 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6098?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.