CVE-2024-41146Medium
Share link
Anyone with the link can open this vulnerability.
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker …
CVSS
4.6
Medium
EPSS
0.00
p21
Published
2024-01-01
Updated
2024-01-01
Description
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.
Tags · CWE
CWE-694
CWE-694BaseIncomplete
Use of Multiple Resources with Duplicate Identifier
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
https://cwe.mitre.org/data/definitions/694.html →Open in CWE collection →CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: P
Physical (P)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.003 · p21
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
No vulnerabilities match your filters.