CVE-2024-2050

Summary

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEasergy T200 (Modbus) Models: T200I, T200E, T200P, T200S, T200HSC2-04MOD-07000104 <= prioraffected
Schneider ElectricEasergy T200 (IEC104) Models: T200I, T200E, T200P, T200S, T200HSC2-04IEC-07000104 <= prioraffected
Schneider ElectricEasergy T200 (DNP3) Models: T200I, T200E, T200P, T200S, T200HSC2-04DNP-07000104 <= prioraffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References