Lucene search

SchneiderVULNRICHMENT:CVE-2024-2747

HistoryJun 12, 2024 - 5:12 p.m.

CVE-2024-2747

2024-06-1217:12:20

CWE-428

schneider

github.com

easergy studio

unquoted path vulnerability

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

16.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could
cause privilege escalation when a valid user replaces a trusted file name on the system and
reboots the machine.

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "Easergy Studio",
    "versions": [
      {
        "status": "affected",
        "version": "v9.3.3 and prior"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*"
    ],
    "vendor": "schneider-electric",
    "product": "easergy_studio",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "9.3.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

16.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-2747