All CISA Advisories, EN

Emerson Appleton UPSMON-PRO

2025-11-20 19:11

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Emerson
Equipment: Appleton UPSMON-PRO
Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Emerson products are affected:

Appleton UPSMON-PRO: Versions 2.6 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

A crafted UDP packet sent to the default UDP port 2601 can cause an overflow of the buffer stack, overwriting critical memory locations. This could allow unauthorized individuals to execute arbitrary code with SYSTEM privileges if the UPSMONProService service communication is not properly validated.

CVE-2024-3871 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-3871. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION:[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Emerson Appleton UPSMON-PRO

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← ICAM365 CCTV Camera Multiple Models

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras November 20, 2025

WhatsApp Flaw Enables Massive Scraping of 3.5 Billion User Accounts November 20, 2025

Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing November 20, 2025

Techstrong Group and DigiCert Unveil the “Quantum Security 25” to Spotlight Leaders Shaping the Future of Quantum Security November 20, 2025

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows November 20, 2025

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet November 20, 2025

Emerson Appleton UPSMON-PRO November 20, 2025

ICAM365 CCTV Camera Multiple Models November 20, 2025

Opto 22 GRV-EPIC and groov RIO November 20, 2025

NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors November 20, 2025

How to update CRLs without public access using AWS Private CA November 20, 2025

IT Security News Hourly Summary 2025-11-20 18h : 17 posts November 20, 2025

Oracle Identity Manager Exploit Observation from September (CVE-2025-61757), (Thu, Nov 20th) November 20, 2025

Critical Windows Graphics Vulnerability Lets Hackers Seize Control with a Single Image November 20, 2025

What the Flock is happening with license plate readers? November 20, 2025

Fired techie admits sabotaging ex-employer, causing $862K in damage November 20, 2025

FCC eliminates cybersecurity requirements for telecom companies November 20, 2025

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025) November 20, 2025

Bot Management for the Agentic Era November 20, 2025

What Is Bloatware? + How to Remove It November 20, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}