Products
Eaton Foreseer software
Source
CybersecurityCOE@eaton.com
Tags
CVE-2024-31416 details
Published : Sept. 13, 2024, 5:15 p.m.
Last Modified : Sept. 13, 2024, 5:15 p.m.
Last Modified : Sept. 13, 2024, 5:15 p.m.
Description
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.
CVSS Score
1 | 2 | 3 | 4 | 5.6 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
5.6
Exploitability Score
0.8
Impact Score
4.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
References
URL | Source |
---|---|
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf | CybersecurityCOE@eaton.com |
This website uses the NVD API, but is not approved or certified by it.