CVE-2024-23814

The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-725549.html
https://cert-portal.siemens.com/productcert/html/ssa-769027.html

Configurations

No configuration.

History

08 Apr 2025, 09:15

Type	Values Removed	Values Added
References		() https://cert-portal.siemens.com/productcert/html/ssa-725549.html -
Summary		(es) Se ha identificado una vulnerabilidad en SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (Todas las versiones < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (Todas las versiones < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (Todas las versiones < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (Todas las versiones < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (Todas las versiones < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (Todas las versiones < V3.0.0), iFeatures de SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (Todas las versiones < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (Todas las versiones < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (Todas las versiones < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (Todas las versiones < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (Todas las versiones < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (Todas las versiones < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (Todas las versiones < V3.0.0), SCALANCE WUM766-1 (EE. UU.) (6GK5766-1GE00-3DB0) (Todas las versiones < V3.0.0). El servicio ICMP integrado de la pila de red de los dispositivos afectados puede verse obligado a agotar sus recursos de memoria disponibles al recibir mensajes especialmente manipulados que tengan como objetivo el reensamblado de fragmentos de IP. Esto podría permitir que un atacante remoto no autenticado provoque una condición de denegación de servicio temporal del servicio ICMP; otros servicios de comunicación no se ven afectados. Los dispositivos afectados reanudarán su funcionamiento normal una vez que finalice el ataque.
Summary	(en) A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.	(en) The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

11 Feb 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 11:15

Updated : 2025-04-08 09:15

NVD link : CVE-2024-23814

Mitre link : CVE-2024-23814

CVE.ORG link : CVE-2024-23814

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

5.3 /10