Cisco Talos Blog: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

Source URL: https://blog.talosintelligence.com/talos-discovers-denial-of-service-vulnerability-in-microsoft-audio-bus-potential-remote-code-execution-in-popular-open-source-plc/

Feedly Summary: Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.

AI Summary and Description: Yes

**Summary:**
The text details the recent disclosure of multiple vulnerabilities in Microsoft products and OpenPLC by Cisco Talos’ Vulnerability Research team. It highlights a denial-of-service vulnerability in the Microsoft High-Definition Audio Bus Driver and a memory corruption issue in the Microsoft Windows 10 Kernel, along with several vulnerabilities in OpenPLC that could be exploited for denial-of-service and remote code execution attacks.

**Detailed Description:**
Cisco Talos’ Vulnerability Research team has uncovered significant security vulnerabilities that could impact both Microsoft systems and OpenPLC devices frequently used in automation.

– **Microsoft Vulnerabilities:**
  1. **High-Definition Audio Bus Driver Vulnerability (DoS)**:
     – **Vulnerability ID**: TALOS-2024-2008 (CVE-2024-45383)
     – An attacker can exploit the mishandling of IRP (I/O request packet) requests in the driver interface to cause a denial of service (DoS): the system crashes with a “Blue Screen of Death.”
     – The driver is essential for communication between the Windows operating system and external audio devices.

  2. **Memory Corruption in Pragmatic General Multicast Server**:
     – **Vulnerability ID**: TALOS-2024-2062 (CVE-2024-38140)
     – This vulnerability affects the Windows 10 Kernel’s Pragmatic General Multicast (PGM) protocol implementation: an attacker can send malicious packets that manipulate stale memory structures, leading to potential system instability or exploitation.
     – Talos discovered this vulnerability independently before Microsoft was alerted, highlighting potential gaps in internal vulnerability tracking.

– **OpenPLC Vulnerabilities:**
  – Three vulnerabilities have been identified in OpenPLC, a widely used open-source programmable logic controller.
  1. **Denial-of-Service Vulnerabilities**:
     – **Vulnerability IDs**: TALOS-2024-2004 (CVE-2024-36980 and CVE-2024-36981), TALOS-2024-2016 (CVE-2024-39589 and CVE-2024-39590)
     – An adversary could trigger these vulnerabilities by sending specially crafted Ethernet/IP requests, incapacitating the OpenPLC through a denial of service.

  2. **Remote Code Execution Vulnerability**:
     – **Vulnerability ID**: TALOS-2024-2005 (CVE-2024-34026)
     – This stack-based buffer overflow allows remote code execution: an attacker could execute arbitrary code on the affected devices.

– **Action Recommendations:**
  – Users are encouraged to download the latest Snort rule sets from Snort.org to help detect attempts to exploit these vulnerabilities.
  – Continuously monitoring Talos Intelligence’s website for the latest Vulnerability Advisories is strongly recommended, as these vulnerabilities can pose significant risks to systems and infrastructure.

Overall, the disclosures underscore critical security concerns for organizations relying on these technologies, necessitating prompt action to mitigate risks associated with these vulnerabilities.