Lucene search

SchneiderVULNRICHMENT:CVE-2024-5313

HistoryJun 12, 2024 - 12:14 p.m.

CVE-2024-5313

2024-06-1212:14:58

CWE-668

schneider

github.com

exposure

vulnerability

ssh interface

authentication

port scanning

fingerprinting

denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface over the product network interface. This does not allow to directly exploit the product or
make any unintended operation as the SSH interface access is protected by an authentication
mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts
to perform a potential denial of service attack on the exposed SSH interface.

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "EVlink Home Smart",
    "versions": [
      {
        "status": "affected",
        "version": "v2.0.4.1.2_131"
      },
      {
        "status": "affected",
        "version": "v2.0.3.8.2_128"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VULNRICHMENT:CVE-2024-5313