CVE-2024-4229

Dec. 19, 2024, 8:17 a.m.

7.8
High

Description

An Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute arbitrary malicious code, resulting in disclosure of, tampering with, or deletion of information, or a denial-of-service (DoS) condition. The issue applies if the product is installed in a folder other than one that only users with administrative privileges have permission to modify.

Product(s) Impacted

Product Versions
Edgecross Basic Software for Windows
  • 1.00 and later
Edgecross Basic Software for Developers
  • 1.00 and later

Weaknesses

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

CVSS Score

7.8 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Date

  • Published: Dec. 19, 2024, 8:17 a.m.
  • Last Modified: Dec. 19, 2024, 8:17 a.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
