CVE-2024-2052

Summary

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEasergy T200 (Modbus) Models: T200I, T200E, T200P, T200S, T200HSC2-04MOD-07000104 <= prioraffected
Schneider ElectricEasergy T200 (IEC104) Models: T200I, T200E, T200P, T200S, T200HSC2-04IEC-07000104 <= prioraffected
Schneider ElectricEasergy T200 (DNP3) Models: T200I, T200E, T200P, T200S, T200HSC2-04DNP-07000104 <= prioraffected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References