Severity
High
Analysis Summary
CVE-2024-12371 CVSS:9.8
Rockwell Automation PowerMonitor 1000 Remote could allow a remote attacker to bypass security restrictions, caused by an unprotected alternate channel. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and perform edit operations, create admin users, and perform a factory reset.
CVE-2024-12372 CVSS:9.8
Rockwell Automation PowerMonitor 1000 is vulnerable to a heap-based buffer overflow. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
Impact
- Security Bypass
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-12371
- CVE-2024-12372
Affected Vendors
- Rockwell Automation
Affected Products
- Rockwell Automation PowerMonitor 1000 Remote
- Rockwell Automation PowerMonitor 1000 Remote PM1k 1408-BC3A-485
- Rockwell Automation PowerMonitor 1000 Remote PM1k 1408-BC3A-ENT
- Rockwell Automation PowerMonitor 1000 Remote PM1k 1408-TS3A-485
- Rockwell Automation PowerMonitor 1000 PM1k 1408-BC3A-485
- Rockwell Automation PowerMonitor 1000 PM1k 1408-BC3A-ENT
- Rockwell Automation PowerMonitor 1000 PM1k 1408-TS3A-485
Remediation
Refer to the Rockwell Automation advisory for patch, upgrade, or suggested workaround information.