CVE-2024-11999

Summary

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricHarmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtimeAll versionsaffected
Schneider ElectricPFXST6000, PFXSTM6000, PFXSP5000, PFXGP4100 series with Pro-face BLUE runtimeAll versionsaffected

Weaknesses

  • CWE-1104: CWE-1104 Use of Unmaintained Third-Party Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References