Lucene search

EatonCVELIST:CVE-2024-31416

HistorySep 13, 2024 - 4:48 p.m.

CVE-2024-31416

2024-09-1316:48:32

CWE-1284

Eaton

www.cve.org

eaton

foreseer

vulnerability

memory consumption

integer overflow

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

EPSS

Percentile

14.1%

JSON

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Foreseer",
    "vendor": "Eaton",
    "versions": [
      {
        "lessThan": "7.8.600",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2024-31416