CVE-2024-22044

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 12, 2024
CWE ID 912

Summary

CVE-2024-22044 is a newly identified vulnerability affecting SENTRON 3KC ATC6 Expansion Modules with Ethernet (3KC9000-8TL75), all versions. The issue lies in an unused, unstable HTTP service exposed on the Modbus-TCP Ethernet at port 80/tcp. An attacker on the same Modbus network can exploit this vulnerability, causing a denial of service condition that forces the device to reboot. This vulnerability poses a risk for networks utilizing these SENTRON expansion modules and emphasizes the importance of implementing security patches and network segmentation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share