Critical remote code execution flaw reported in Emerson Appleton UPSMON-PRO
Take action: Make sure all Emerson Appleton UPSMON-PRO devices are isolated from the internet and accessible from trusted networks only. Since this product is End of Life and no security patches are available, block UDP port 2601 and isolate the monitoring network until you can migrate. Plan a replacement with a supported UPS monitoring solution.
Learn More
Emerson is reporting a critical security vulnerability affecting its Appleton UPSMON-PRO uninterruptible power supply monitoring system.
The flaw is tracked as CVE-2024-3871 (CVSS score 9.8), a stack-based buffer overflow vulnerability caused by improper validation of UDP packets sent to the default port 2601. A specially crafted UDP packet can trigger a buffer overflow on the stack, overwriting memory locations and potentially allowing unauthorized attackers to execute arbitrary code with SYSTEM privileges on affected installations.
According to Emerson, the Appleton UPSMON-PRO product has reached End of Life status and is no longer supported. No security patches will be released to fix this vulnerability.
Organizations still using the product are strongly urged to replace it with an actively supported UPS monitoring solution. For those who cannot immediately transition away from the product, Emerson recommends blocking UDP port 2601, isolating UPS monitoring networks from general corporate networks, and network-level packet filtering to reject oversized UDP packets for port 2601.
