Lucene search

[email protected]NVD:CVE-2024-2602

HistoryJul 11, 2024 - 9:15 a.m.

CVE-2024-2602

2024-07-1109:15:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-2602

cwe-22

path traversal

remote code execution

authenticated user

tampered file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path
Traversal’) vulnerability exists that could result in remote code execution when an authenticated
user executes a saved project file that has been tampered by a malicious actor.

Affected configurations

Nvd

Node

schneider-electricfoxrtu_stationRange<9.3.0

VendorProductVersionCPE
schneider-electricfoxrtu_station*cpe:2.3:a:schneider-electric:foxrtu_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	foxrtu_station	*	cpe:2.3:a:schneider-electric:foxrtu_station::::::::

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-03.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

Related for NVD:CVE-2024-2602

cvelist1 vulnrichment1 cve1