Lucene search

SchneiderCVELIST:CVE-2024-5558

HistoryJun 12, 2024 - 4:26 p.m.

CVE-2024-5558

2024-06-1216:26:26

CWE-367

schneider

www.cve.org

toctou race condition

privilege escalation

limited admin account

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.2%

JSON

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could
cause escalation of privileges when an attacker abuses a limited admin account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SpaceLogic AS-P",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V5.0.3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SpaceLogic AS-B",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V5.0.3 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.2%

JSON

Related for CVELIST:CVE-2024-5558