CVE-2024-10083

Summary

CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricUni-Telway driverAll versionsaffected
Schneider ElectricUni-Telway driver used in EcoStruxure Control ExpertAll versionsaffected
Schneider ElectricUni-Telway driver used in EcoStruxure Process ExpertAll Versionsaffected
Schneider ElectricUni-Telway driver used in EcoStruxure Process Expert for AVEVA System PlatformAll Versionsaffected
Schneider ElectricUni-Telway driver used in OPC Factory ServerAll Versionsaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References