cve 2024 3871

CVE-2024-3871 is a critical remote code execution vulnerability affecting Emerson's Appleton UPSMON-PRO software on Windows systems. The flaw is a stack-based buffer overflow triggered by a crafted UDP packet sent to the default port 2601, allowing unauthenticated attackers to execute arbitrary code with SYSTEM privileges. The advisory assigns a CVSS v3.1 score of 9.8 and CVSS v4 score of 9.3, indicating extremely high severity. Since UPSMON-PRO is End-of-Life, no official patch is available, and operators must rely on compensating controls such as network segmentation and firewall rules to mitigate risk. This tag covers discussions on the vulnerability details, impact, and mitigation strategies for affected Windows environments.