Schneider Electric PowerChute Serial Shutdown up to 1.2.0.301 Web Interface /accessdenied improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Schneider Electric PowerChute Serial Shutdown up to 1.2.0.301. This affects an unknown function of the file /accessdenied of the component Web Interface. The manipulation results in improper authentication. This vulnerability is identified as CVE-2024-10511. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.
Details
A vulnerability classified as critical has been found in Schneider Electric PowerChute Serial Shutdown up to 1.2.0.301. Affected is some unknown functionality of the file /accessdenied of the component Web Interface. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.
The advisory is shared for download at download.schneider-electric.com. This vulnerability is traded as CVE-2024-10511 since 10/29/2024. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.
Applying a patch is able to eliminate this problem.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.2
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 5.3
CNA Vector (schneider): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
10/29/2024 🔍12/11/2024 🔍
12/11/2024 🔍
12/11/2024 🔍
Sources
Vendor: schneider-electric.comAdvisory: SEVD-2024-345-01
Status: Confirmed
CVE: CVE-2024-10511 (🔍)
GCVE (CVE): GCVE-0-2024-10511
GCVE (VulDB): GCVE-100-287856
Entry
Created: 12/11/2024 10:59Changes: 12/11/2024 10:59 (78)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.