CVE-2024-11999

Dec. 17, 2024, 7:15 a.m.

8.8
High

Description

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

Product(s) Impacted

Product Versions
HMI product
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1104
Use of Unmaintained Third Party Components
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-02.pdf

Tags

CWE-1104
cybersecurity@se.com
2024-12-17
CVE-2024-11999

CVSS Score

8.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 17, 2024, 7:15 a.m.
Last Modified: Dec. 17, 2024, 7:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cybersecurity@se.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.