
CVE-2024-50596: CWE-191: Integer Underflow (Wrap or Wraparound) in STMicroelectronics X-CUBE-AZRT-H7RS

Severity: Medium
Tags: Vulnerability, CVE-2024-50596, CWE-191
Published: Wed Apr 02 2025 (04/02/2025, 13:41:55 UTC)
Source: CVE Database V5
Vendor/Project: STMicroelectronics
Product: X-CUBE-AZRT-H7RS

Description

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability affects the NetX Duo Web Component HTTP Server implementation, which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

AI-Powered Analysis

AI analysis last updated: 11/03/2025, 20:00:10 UTC

Technical Analysis

CVE-2024-50596 is an integer underflow (CWE-191) in the HTTP server PUT request handling of the STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 middleware, in the NetX Duo Web Component HTTP Server implementation (nx_web_http_server.c). A specially crafted packet drives an unsigned length or count computed while the PUT request is processed below zero, so the value wraps to a very large number; the handler then acts on that wrapped value, and the advisory reports the result as a denial of service (a crash or a stalled HTTP server task). The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L yields a base score of 4.3 (Medium): the attacker needs network reachability to the HTTP server and low privileges (PR:L) but no user interaction (UI:N); scope is unchanged (S:U); confidentiality and integrity are not affected, and the availability impact is rated low (A:L). No patch is linked on this page and no in-the-wild exploitation has been reported. The middleware targets STM32-based embedded and IoT devices, including ones deployed in industrial and critical-infrastructure environments.
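The advisory does not publish the exact arithmetic that wraps, so the following is an added, self-contained C illustration of the CWE-191 pattern it describes, not code from NetX Duo or from the Talos advisory. It assumes a simplified PUT handler that tracks "body bytes still expected" as an unsigned 32-bit value: a packet that carries more body than its Content-Length declares makes the unsigned subtraction wrap to roughly 4 GiB in the vulnerable form, while the hardened form rejects the inconsistent lengths. The request packets, the parse_put helper and the evaluate wrapper are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified shape of the bug class: the server keeps "bytes of the
 * PUT body still expected" as an unsigned 32-bit value and subtracts what has
 * already arrived without first checking that received <= declared. */

/* Vulnerable accounting (CWE-191): when received > content_length the
 * unsigned subtraction wraps to a value near 4 GiB, so a length-driven
 * receive loop keeps waiting for data that will never arrive. */
static uint32_t remaining_vulnerable(uint32_t content_length, uint32_t received)
{
    return (uint32_t)(content_length - received);
}

/* Hardened accounting: the same subtraction with the missing bounds check.
 * Returns -1 when the lengths are inconsistent so the caller can reject the
 * request instead of acting on a wrapped value. */
static int64_t remaining_hardened(uint32_t content_length, uint32_t received)
{
    if (received > content_length)
        return -1;
    return (int64_t)content_length - (int64_t)received;
}

/* Minimal parse of a NUL-terminated request buffer (not the NetX Duo parser):
 * extract Content-Length and count the body bytes present in this packet.
 * Returns 0 on success, -1 if the headers are incomplete or the value is bad. */
static int parse_put(const char *req, size_t req_len,
                     uint32_t *content_length, uint32_t *body_in_packet)
{
    const char *hdr_end = strstr(req, "\r\n\r\n");
    if (hdr_end == NULL)
        return -1;
    const char *cl = strstr(req, "Content-Length:");
    if (cl == NULL || cl > hdr_end)
        return -1;
    const char *digits = cl + strlen("Content-Length:");
    char *end = NULL;
    unsigned long long v = strtoull(digits, &end, 10);   /* skips the space */
    if (end == digits || v > UINT32_MAX)
        return -1;
    size_t body_off = (size_t)(hdr_end + 4 - req);
    *content_length = (uint32_t)v;
    *body_in_packet = (uint32_t)(req_len - body_off);
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const char k_put_consistent[] =
    "PUT /upload.bin HTTP/1.1\r\nHost: device\r\nContent-Length: 8\r\n\r\nAAAAAAAA";
static const char k_put_partial[] =
    "PUT /upload.bin HTTP/1.1\r\nHost: device\r\nContent-Length: 16\r\n\r\nAAAAAAAA";
/* Declares fewer body bytes than the packet carries: received > declared. */
static const char k_put_underflow[] =
    "PUT /upload.bin HTTP/1.1\r\nHost: device\r\nContent-Length: 4\r\n\r\nAAAAAAAA";

/* Run both accounting variants on one packet. Returns the hardened result
 * (-1 = rejected, -2 = unparseable) and reports the vulnerable value. */
static int64_t evaluate(const char *req, uint32_t *vulnerable_remaining)
{
    uint32_t declared = 0, received = 0;
    if (parse_put(req, strlen(req), &declared, &received) != 0)
        return -2;
    *vulnerable_remaining = remaining_vulnerable(declared, received);
    return remaining_hardened(declared, received);
}

int main(void)
{
    const char *names[] = { "consistent", "partial", "underflow" };
    const char *pkts[] = { k_put_consistent, k_put_partial, k_put_underflow };
    for (int i = 0; i < 3; i++) {
        uint32_t v = 0;
        int64_t h = evaluate(pkts[i], &v);
        printf("%-10s vulnerable remaining=%u  hardened=%lld\n",
               names[i], (unsigned)v, (long long)h);
    }
    return 0;
}
```

The consistent and partial packets give the same answer in both variants (0 and 8 bytes still expected); the underflow packet is where they diverge, with the vulnerable arithmetic producing 4294967292 and the hardened check returning -1. When auditing a handler for this class of bug, the question to ask at every unsigned subtraction on a network-supplied length is whether the operands' ordering has been established first.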

Potential Impact

For European organizations, the primary impact is a denial of service condition on devices or systems running the vulnerable STMicroelectronics middleware. This can disrupt industrial control systems, IoT devices, or embedded applications that rely on the NetX Duo HTTP server, potentially halting critical operations or causing system instability. While confidentiality and integrity are not directly compromised, availability disruptions in industrial or critical infrastructure environments can have cascading effects, including operational downtime, safety risks, and financial losses. The medium severity and requirement for limited privileges reduce the likelihood of widespread exploitation, but targeted attacks on critical systems remain a concern. Organizations in sectors such as manufacturing, energy, transportation, and smart city infrastructure in Europe could face operational disruptions if vulnerable devices are exposed to untrusted networks.

Mitigation Recommendations

European organizations should first identify all devices and systems using STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 middleware with the NetX Duo Web Component HTTP Server. Since no official patches are currently linked, organizations should implement network-level mitigations such as restricting access to the vulnerable HTTP server ports via firewalls and network segmentation to limit exposure to untrusted networks. Monitoring network traffic for anomalous PUT requests and unusual HTTP activity can help detect exploitation attempts. Vendors and integrators should be contacted to obtain or request patches or updated middleware versions addressing this vulnerability. Additionally, applying strict access controls and ensuring that only trusted devices and users have network access to affected systems will reduce risk. Regular vulnerability scanning and penetration testing focused on embedded and IoT devices can help identify vulnerable instances. Finally, organizations should prepare incident response plans to quickly address potential denial of service events caused by exploitation.


Technical Details

Data Version: 5.2
Assigner Short Name: talos
Date Reserved: 2024-10-25T19:20:52.220Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690908537fff0e30cee238fc

Added to database: 11/3/2025, 7:53:55 PM

Last enriched: 11/3/2025, 8:00:10 PM

Last updated: 12/20/2025, 2:30:34 AM

