Lucene search

[email protected]NVD:CVE-2024-2747

HistoryJun 12, 2024 - 6:15 p.m.

CVE-2024-2747

2024-06-1218:15:11

CWE-428

[email protected]

web.nvd.nist.gov

cve-2024-2747

cwe-428

easergy studio

unquoted search path

privilege escalation

trusted file name

system reboot

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.5%

JSON

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could
cause privilege escalation when a valid user replaces a trusted file name on the system and
reboots the machine.

Affected configurations

Nvd

Node

schneider-electriceasergy_studioRange≤9.3.3

VendorProductVersionCPE
schneider-electriceasergy_studio*cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	easergy_studio	*	cpe:2.3:a:schneider-electric:easergy_studio::::::::

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

16.5%

JSON

Related for NVD:CVE-2024-2747

vulnrichment1 cvelist1 cve1