Lucene search

SchneiderCVE-2024-2602

HistoryJul 11, 2024 - 9:15 a.m.

CVE-2024-2602

2024-07-1109:15:03

CWE-22

schneider

web.nvd.nist.gov

cve-2024-2602

path traversal

remote code execution

authenticated user

saved project file

malicious actor

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

23.3%

JSON

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path
Traversal’) vulnerability exists that could result in remote code execution when an authenticated
user executes a saved project file that has been tampered by a malicious actor.

Affected configurations

Nvd

Node

schneider-electricfoxrtu_stationRange<9.3.0

VendorProductVersionCPE
schneider-electricfoxrtu_station*cpe:2.3:a:schneider-electric:foxrtu_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	foxrtu_station	*	cpe:2.3:a:schneider-electric:foxrtu_station::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FoxRTU Station",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to v9.3.0"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-03.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

23.3%

JSON

Related for CVE-2024-2602