CVE-2024-2747

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*
History

23 Aug 2024, 16:30

Type Values Removed Values Added
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf - Vendor Advisory
CPE cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*
First Time Schneider-electric
Schneider-electric easergy Studio

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-428: Existe una ruta de búsqueda sin comillas o una vulnerabilidad de elemento en Easergy Studio, lo que podría causar una escalada de privilegios cuando un usuario válido reemplaza un nombre de archivo confiable en el sistema y reinicia la máquina.

12 Jun 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 18:15

Updated : 2024-08-23 16:30

NVD link : CVE-2024-2747

Mitre link : CVE-2024-2747

CVE.ORG link : CVE-2024-2747

JSON object : View

Products Affected

schneider-electric

  • easergy_studio
CWE
CWE-428

Unquoted Search Path or Element


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024