Cyber Posture

CVE-2024-34579

High

Published: 17 January 2025

Modified: 15 April 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-34579 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in CISA (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, it is ranked at the 28.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly addresses the CVE by requiring timely remediation of the known stack-based buffer overflow flaw through patching as recommended in the CISA advisory.

prevent

Prevents exploitation of the stack-based buffer overflow by enforcing validation of all user inputs that could trigger the vulnerability.

prevent

Mitigates arbitrary code execution from the buffer overflow using memory protections such as stack canaries, non-executable memory, and address randomization.

NVD Description

Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Deeper analysis

CVE-2024-34579 is a stack-based buffer overflow vulnerability (CWE-121) in Fuji Electric Alpha5 SMART, which may allow an attacker to execute arbitrary code. The vulnerability received a CVSS score of 7.8 under CVSS:3.1 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impacts to confidentiality, integrity, and availability. It was published on 2025-01-17.

The vulnerability can be exploited by a local attacker who requires user interaction to trigger the buffer overflow. No special privileges are needed, and exploitation has low complexity. Successful attacks enable arbitrary code execution, potentially compromising the affected system with high-impact effects on confidentiality, integrity, and availability.

Mitigation details are provided in the CISA ICS advisory ICSA-25-016-05, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05.

Details

CWE(s)

Affected Products

CISA
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-70219 (shared CWE-121)
CVE-2026-29972 (shared CWE-121)
CVE-2025-60690 (shared CWE-121)
CVE-2026-4444 (shared CWE-121)
CVE-2025-61128 (shared CWE-121)
CVE-2019-25319 (shared CWE-121)
CVE-2026-22923 (shared CWE-121)
CVE-2025-69195 (shared CWE-121)
CVE-2020-37124 (shared CWE-121)
CVE-2026-22904 (shared CWE-121)

References