Lucene search

[email protected]CVE-2024-5559

HistoryJun 12, 2024 - 6:15 p.m.

CVE-2024-5559

2024-06-1218:15:12

CWE-327

[email protected]

web.nvd.nist.gov

cve-2024-5559

cwe-327

denial of service

device reboot

relay control

reset token

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could
cause denial of service, device reboot, or an attacker gaining full control of the relay when a
specially crafted reset token is entered into the front panel of the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerLogic P5",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v01.500.104 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-5559

cvelist1 nvd1