CVE-2024-8531
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | Data Center Expert | Versions 8.1.1.3 and prior | affected |
Weaknesses
- CWE-347: CWE-347 Improper Verification of Cryptographic Signature
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.