CVE-2024-23766

EUVD-2024-21219
An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hms-networksanybus_x-gateway_ab7832-f3
𝑥
< *
ADP
Common Weakness Enumeration
References
https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/
https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/