CVE-2024-8419
HIGHifm Smart PLC AC402s/AC422s/AC424s/AC432s/AC434s 4.04-4.3.16 and 6.1.8 - Unauthenticated Fail-Safe State Activation
Title source: llmDescription
The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
References (1)
Core 1
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2024-061
Scores
CVSS v3
7.5
EPSS
0.0041
EPSS Percentile
32.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (10)
ifm electronic GmbH/ifm Smart PLC AC402s
4.04 - 4.3.17
ifm electronic GmbH/ifm Smart PLC AC402s
6.1.8
ifm electronic GmbH/ifm Smart PLC AC422s
4.04 - 4.3.17
ifm electronic GmbH/ifm Smart PLC AC422s
6.1.8
ifm electronic GmbH/ifm Smart PLC AC424s
4.04 - 4.3.17
ifm electronic GmbH/ifm Smart PLC AC424s
6.1.8
ifm electronic GmbH/ifm Smart PLC AC432s
4.04 - 4.3.17
ifm electronic GmbH/ifm Smart PLC AC432s
6.1.8
ifm electronic GmbH/ifm Smart PLC AC434s
4.04 - 4.3.17
ifm electronic GmbH/ifm Smart PLC AC434s
6.1.8
Published
Jun 30, 2025
Tracked Since
Feb 18, 2026