CVE-2024-23766

HIGH

HMS Anybus X-Gateway AB7832-F - DoS

Title source: llm

Description

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.

References (1)

[Various Sources] https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-598

Status published

Published Jun 26, 2024

Tracked Since Feb 18, 2026