CVE-2024-8531

HIGH

7.2

Description

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

CVE Details

CVSS v3.1 Score7.2

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published10/11/2024

Last Modified10/15/2024

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-347

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf(cybersecurity@se.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.