Lucene search

SchneiderVULNRICHMENT:CVE-2024-6407

HistoryJul 11, 2024 - 9:07 a.m.

CVE-2024-6407

2024-07-1109:07:40

CWE-200

schneider

github.com

cve-2024-6407

information exposure

credentials disclosure

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

CWE-200: Information Exposure vulnerability exists that could cause disclosure of
credentials when a specially crafted message is sent to the device.

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "Wiser Home Controller WHC-5918A",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions of Wiser Home Controller WHC-5918A"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6407