CVE-2024-41974 | THREATINT

Description

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.

PUBLISHED Reserved 2024-07-25 | Published 2024-11-18 | Updated 2025-08-27 | Assigner CERTVDE

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Credits

Diego Giubertoni finder

Nozomi Networks reporter

References

cert.vde.com/en/advisories/VDE-2024-047

cve.org (CVE-2024-41974)

nvd.nist.gov (CVE-2024-41974)

Download JSON