Lucene search

SchneiderCVE-2024-2747

HistoryJun 12, 2024 - 6:15 p.m.

CVE-2024-2747

2024-06-1218:15:11

CWE-428

schneider

web.nvd.nist.gov

cve-2024-2747

cwe-428

privilege escalation

valid user

trusted file

system reboot

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.5%

JSON

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could
cause privilege escalation when a valid user replaces a trusted file name on the system and
reboots the machine.

Affected configurations

Nvd

Node

schneider-electriceasergy_studioRange≤9.3.3

VendorProductVersionCPE
schneider-electriceasergy_studio*cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	easergy_studio	*	cpe:2.3:a:schneider-electric:easergy_studio::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Easergy Studio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v9.3.3 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.5%

JSON

Related for CVE-2024-2747