CVE-2024-8419
BaseFortify
Publication date: 2025-06-30
Last updated on: 2025-06-30
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-8419 is an improper access control vulnerability in ifm electronic GmbH's Smart PLC AC4xxS devices running certain firmware versions. It occurs because a script endpoint lacks authentication, allowing an unauthorized remote attacker to send specially crafted HTML requests that put the PLC into a fail-safe (safety) state. This means the attacker can remotely trigger the system to enter a protective mode without needing any privileges or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can cause a loss of availability by forcing the PLC into a fail-safe state, which can disrupt or damage production lines. Since the PLC controls automation components, unauthorized triggering of the fail-safe state can halt operations, leading to potential downtime and operational losses. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying if the vulnerable endpoint script is accessible without authentication on affected ifm electronic GmbH Smart PLC AC4xxS devices running firmware versions earlier than V4.3.17 and V6.1.8. You can scan your network for these devices and attempt to access the HTTP interface endpoint that triggers the fail-safe state. For example, using curl or wget to send HTTP requests to the PLC's IP address and checking for responses indicating the fail-safe trigger. Specific commands might include: curl http://<PLC_IP>/path_to_vulnerable_script or using network scanning tools to detect open HTTP ports on these devices. However, exact endpoint paths are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing unauthorized access to the affected automation components by restricting direct internet access and avoiding exposure to insecure networks. Implement authentication and authorization controls where possible. For PLCs running firmware version V6.1.8, disabling the HTTP interface can mitigate the issue. Additionally, updating the firmware to versions V4.3.17 or V6.1.8 or later is recommended to fix the vulnerability. [1]