Lucene search

SchneiderCVELIST:CVE-2024-2602

HistoryJul 11, 2024 - 8:46 a.m.

CVE-2024-2602

2024-07-1108:46:13

CWE-22

schneider

www.cve.org

cve-2024-2602

path traversal

remote code execution

authenticated user

saved project file

tampered file

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path
Traversal’) vulnerability exists that could result in remote code execution when an authenticated
user executes a saved project file that has been tampered by a malicious actor.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FoxRTU Station",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to v9.3.0"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-03.pdf

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

Related for CVELIST:CVE-2024-2602