Products
Eaton Foreseer software
Source
CybersecurityCOE@eaton.com
Tags
CVE-2024-31415 details
Published : Sept. 13, 2024, 5:15 p.m.
Last Modified : Sept. 13, 2024, 5:15 p.m.
Last Modified : Sept. 13, 2024, 5:15 p.m.
Description
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.3 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
6.3
Exploitability Score
0.8
Impact Score
5.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
References
| URL | Source |
|---|---|
| https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf | CybersecurityCOE@eaton.com |
This website uses the NVD API, but is not approved or certified by it.