Lucene search

K
cvelistEatonCVELIST:CVE-2024-31415
HistorySep 13, 2024 - 4:48 p.m.

CVE-2024-31415

2024-09-1316:48:12
CWE-522
Eaton
www.cve.org
4
eaton foreseer
external servers
encryption keys

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

20.2%

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Foreseer",
    "vendor": "Eaton",
    "versions": [
      {
        "lessThan": "7.8.500",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

20.2%

Related for CVELIST:CVE-2024-31415