CVE-2024-11999

🗓️ 17 Dec 2024 06:13:00Reported by schneiderType

Vulnerability in HMI product allows complete device control via malicious code installation.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-11999	17 Dec 202409:15	–	circl
CNNVD	Schneider Electric多款产品安全漏洞	17 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-11999	17 Dec 202406:13	–	cvelist
EUVD	EUVD-2024-34304	3 Oct 202520:07	–	euvd
ICS	Schneider Electric Harmony HMI and Pro-Face HMI Products	10 Dec 202400:00	–	ics
NVD	CVE-2024-11999	17 Dec 202407:15	–	nvd
Positive Technologies	PT-2024-17393 · Schneider Electric · Schneider Electric	17 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-11999	5 Feb 202501:43	–	redhatcve
Vulnrichment	CVE-2024-11999	17 Dec 202406:13	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFXST6000, PFXSTM6000, PFXSP5000, PFXGP4100 series with Pro-face BLUE runtime",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

15 Apr 2026 00:35Current

7High risk

Vulners AI Score7

CVSS 48.7

CVSS 3.18.8

EPSS0.0035

SSVC

CWE-1104