CVE-2024-12372

CRITICAL

Rockwell Automation Power Monitor 1000 - RCE/DoS

Description

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of heap memory, which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.

Scores

CVSS v4 9.3
EPSS 0.0086
EPSS Percentile 53.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (14)
Rockwell Automation/PM1k 1408-BC3A-485 <4.020
Rockwell Automation/PM1k 1408-BC3A-ENT <4.020
Rockwell Automation/PM1k 1408-EM1A-485 <4.020
Rockwell Automation/PM1k 1408-EM1A-ENT <4.020
Rockwell Automation/PM1k 1408-EM2A-485 <4.020
Rockwell Automation/PM1k 1408-EM2A-ENT <4.020
Rockwell Automation/PM1k 1408-EM3A-485 <4.020
Rockwell Automation/PM1k 1408-EM3A-ENT <4.020
Rockwell Automation/PM1k 1408-TR1A-485 <4.020
Rockwell Automation/PM1k 1408-TR1A-ENT <4.020
... and 4 more
Published Dec 18, 2024
Tracked Since Feb 18, 2026