CVE-2024-41974

Summary

CVE-2024-41974 is a newly identified vulnerability that allows a low privileged remote attacker to modify BACNet service properties due to incorrect permission assignment for critical resources. This issue may result in a Denial of Service (DoS) attack that is limited to BACNet communication. It is important to note that an attacker does not require high privileges to exploit this vulnerability. System administrators are advised to review and adjust permission settings for BACNet services to mitigate this risk. Failure to address this issue may lead to disrupted BACNet communication and potentially more serious consequences.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.