
CVE-2024-50384: CWE-459: Incomplete Cleanup in STMicroelectronics X-CUBE-AZRT-H7RS

Severity: Medium
Published: Wed Apr 02 2025 (04/02/2025, 13:41:57 UTC)
Source: CVE Database V5
Vendor/Project: STMicroelectronics
Product: X-CUBE-AZRT-H7RS

Description

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v1.1.0. This HTTP server implementation is contained in this file: x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

AI-Powered Analysis

Last updated: 11/03/2025, 19:58:58 UTC

Technical Analysis

CVE-2024-50384 is a vulnerability classified under CWE-459 (Incomplete Cleanup) affecting the HTTP server functionality within the NetX Duo Web Component of STMicroelectronics X-CUBE-AZRTOS-F7 middleware, specifically version 1.1.0. The vulnerability exists in the file nx_web_http_server.c, where improper resource cleanup after processing certain network packets can lead to a denial of service (DoS) condition. An attacker with network access and low privileges can send a specially crafted HTTP request that triggers this incomplete cleanup, causing the server to become unresponsive or crash, thus denying legitimate users access to the service. The vulnerability does not require user interaction and does not impact confidentiality or integrity, focusing solely on availability. The CVSS v3.1 score is 6.5 (medium severity), reflecting the network attack vector, low attack complexity, and no privileges required beyond network access. No public exploits or patches are currently available, indicating that organizations must rely on compensating controls until an official fix is released. The affected middleware is embedded in various real-time operating system environments used in industrial control, automotive systems, and IoT devices, making it a concern for embedded device manufacturers and operators.

Potential Impact

For European organizations, the primary impact is service disruption due to denial of service conditions in embedded devices running the vulnerable HTTP server component. This can affect industrial automation systems, automotive control units, and IoT devices that rely on STMicroelectronics X-CUBE-AZRTOS middleware. Disruptions could lead to operational downtime, safety risks in critical infrastructure, and potential cascading effects in manufacturing or transportation sectors. Since the vulnerability does not expose data or allow code execution, the risk to confidentiality and integrity is low. However, availability impacts in critical systems can have significant operational and financial consequences. The lack of patches increases the window of exposure, and attackers could exploit this vulnerability to cause targeted outages or as part of multi-stage attacks against industrial environments.

Mitigation Recommendations

1. Implement network segmentation and restrict access to devices running the vulnerable HTTP server to trusted networks only.
2. Deploy firewall rules or intrusion prevention systems (IPS) to detect and block malformed HTTP requests targeting the vulnerable component.
3. Monitor network traffic for unusual or malformed HTTP packets that could indicate exploitation attempts.
4. Coordinate with device manufacturers and STMicroelectronics for timely updates and patches once available.
5. Where possible, disable or limit the HTTP server functionality on embedded devices if it is not required for operation.
6. Conduct regular security assessments and penetration testing on embedded systems to identify exposure.
7. Employ redundancy and failover mechanisms in critical systems to mitigate the impact of potential denial of service events.


Technical Details

Data Version: 5.2
Assigner Short Name: talos
Date Reserved: 2024-10-23T18:58:47.945Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690908517fff0e30cee23594

Added to database: 11/3/2025, 7:53:53 PM

Last enriched: 11/3/2025, 7:58:58 PM

Last updated: 11/5/2025, 1:50:52 PM
