CVE-2024-12372
Published: 18 December 2024
Summary
CVE-2024-12372 is a critical-severity Code Injection (CWE-94) vulnerability in Rockwellautomation (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, ranked in the top 7.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The issue stems from heap memory corruption that can compromise system integrity, and it is tracked under CWE-94. The vulnerability carries a CVSS 4.0 score of 9.3 with a network attack vector, low attack complexity, and no required privileges or user interaction.
An unauthenticated remote attacker can send crafted network traffic to trigger the flaw, resulting in either arbitrary code execution or a denial-of-service condition that disrupts device operation. The current EPSS score of 0.0939 has not risen above its recorded peak, indicating no material increase in observed exploitation interest since disclosure.
A Rockwell Automation security advisory is available at the vendor's trust center for further details on the affected product versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50812
Vulnerability details
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or…
more
a denial-of-service attack.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
Validates inputs used in dynamic code generation to block injected directives.
Directly prevents execution of attacker-supplied code written into data memory regions.