Lucene search

SchneiderCVE-2024-5558

HistoryJun 12, 2024 - 5:15 p.m.

CVE-2024-5558

2024-06-1217:15:52

CWE-367

schneider

web.nvd.nist.gov

cwe-367

race condition

privilege escalation

limited admin account

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

16.2%

JSON

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could
cause escalation of privileges when an attacker abuses a limited admin account.

Affected configurations

Nvd

Node

schneider-electricspacelogic_as-b_firmwareRange<6.0.1

AND

schneider-electricspacelogic_as-bMatch-

Node

schneider-electricspacelogic_as-p_firmwareRange<6.0.1

AND

schneider-electricspacelogic_as-pMatch-

VendorProductVersionCPE
schneider-electricspacelogic_as-b_firmware*cpe:2.3:o:schneider-electric:spacelogic_as-b_firmware:*:*:*:*:*:*:*:*
schneider-electricspacelogic_as-b-cpe:2.3:h:schneider-electric:spacelogic_as-b:-:*:*:*:*:*:*:*
schneider-electricspacelogic_as-p_firmware*cpe:2.3:o:schneider-electric:spacelogic_as-p_firmware:*:*:*:*:*:*:*:*
schneider-electricspacelogic_as-p-cpe:2.3:h:schneider-electric:spacelogic_as-p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	spacelogic_as-b_firmware	*	cpe:2.3:o:schneider-electric:spacelogic_as-b_firmware::::::::
schneider-electric	spacelogic_as-b	-	cpe:2.3:h:schneider-electric:spacelogic_as-b:-:::::::*
schneider-electric	spacelogic_as-p_firmware	*	cpe:2.3:o:schneider-electric:spacelogic_as-p_firmware::::::::
schneider-electric	spacelogic_as-p	-	cpe:2.3:h:schneider-electric:spacelogic_as-p:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SpaceLogic AS-P",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V5.0.3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SpaceLogic AS-B",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V5.0.3 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

16.2%

JSON

Related for CVE-2024-5558