CVE-2024-34579
Published: 17 January 2025
Summary
CVE-2024-34579 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-34579 is a stack-based buffer overflow vulnerability (CWE-121) in Fuji Electric Alpha5 SMART, which may allow an attacker to execute arbitrary code. The vulnerability received a CVSS score of 7.8 under CVSS:3.1 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impacts to confidentiality, integrity, and availability. It was published on 2025-01-17.
The vulnerability can be exploited by a local attacker who requires user interaction to trigger the buffer overflow. No special privileges are needed, and exploitation has low complexity. Successful attacks enable arbitrary code execution, potentially compromising the affected system with high-impact effects on confidentiality, integrity, and availability.
Mitigation details are provided in the CISA ICS advisory ICSA-25-016-05, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-35165
Vulnerability details
Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local stack buffer overflow enables client-side arbitrary code execution via crafted input requiring user interaction.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the CVE by requiring timely remediation of the known stack-based buffer overflow flaw through patching as recommended in the CISA advisory.
Prevents exploitation of the stack-based buffer overflow by enforcing validation of all user inputs that could trigger the vulnerability.
Mitigates arbitrary code execution from the buffer overflow using memory protections such as stack canaries, non-executable memory, and address randomization.