CVE-2024-12399

Summary

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricPro-face GP-Pro EXall version < v5.00.100affected
Schneider ElectricPro-face Remote HMIall versions < v1.70.000affected

Weaknesses

  • CWE-924: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References