{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6876","assignerOrgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","state":"PUBLISHED","assignerShortName":"CERTVDE","dateReserved":"2024-07-18T06:31:20.701Z","datePublished":"2024-09-10T15:08:16.212Z","dateUpdated":"2024-10-01T06:27:27.135Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"OSCAT Basic Library","vendor":"oscat.de","versions":[{"lessThan":"3.3.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"OSCAT Basic Library","vendor":"oscat.de","versions":[{"lessThan":"335","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"OSCAT Basic Library","vendor":"CODESYS","versions":[{"lessThan":"<3.3.5.0","status":"affected","version":"0.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Corban Villa"},{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Hithem Lamri"},{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Constantine Doumanidis"},{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Michail Maniatakos"},{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi"},{"lang":"en","type":"coordinator","user":"00000000-0000-4000-9000-000000000000","value":"CODESYS"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.<br>"}],"value":"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","shortName":"CERTVDE","dateUpdated":"2024-10-01T06:27:27.135Z"},"references":[{"url":"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download="},{"url":"https://certvde.com/en/advisories/VDE-2024-046/"}],"source":{"defect":["CERT@VDE#641645"],"discovery":"UNKNOWN"},"title":"Out-of-bounds read in OSCAT-Library","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-10T16:16:31.572005Z","id":"CVE-2024-6876","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-10T16:16:48.085Z"}}]}}