Lucene search

SchneiderCVELIST:CVE-2024-5313

HistoryJun 12, 2024 - 12:14 p.m.

CVE-2024-5313

2024-06-1212:14:58

CWE-668

schneider

www.cve.org

cve-2024-5313

cwe-668

ssh interface

network interface

authentication mechanism

port scanning

fingerprinting

denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface over the product network interface. This does not allow to directly exploit the product or
make any unintended operation as the SSH interface access is protected by an authentication
mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts
to perform a potential denial of service attack on the exposed SSH interface.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EVlink Home Smart",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v2.0.4.1.2_131"
      },
      {
        "status": "affected",
        "version": "v2.0.3.8.2_128"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-5313