2024-07-25 21:25:12 +00:00
### [CVE-2024-31484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31484)
![](https://img.shields.io/static/v1?label=Product&message=CPC80%20Central%20Processing%2FCommunication&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CPCI85%20Central%20Processing%2FCommunication&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CPCX26%20Central%20Processing%2FCommunication&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ETA4%20Ethernet%20Interface%20IEC60870-5-104&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ETA5%20Ethernet%20Int.%201x100TX%20IEC61850%20Ed.2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=PCCX26%20Ax%201703%20PE%2C%20Contr%2C%20Communication%20Element&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V03.27%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V06.02%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V06.05%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V10.46%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V16.41%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V5.30%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-170%3A%20Improper%20Null%20Termination&color=brighgreen)
### Description
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to a denial of service condition.
### POC
#### Reference
- http://seclists.org/fulldisclosure/2024/Jul/4
#### Github
No PoCs found on GitHub currently.