Main Vulnerability Database SB2024112734

SB2024112734 - Use of a broken or risky cryptographic algorithm in Schneider Electric PowerLogic P5

Published: November 27, 2024

Security Bulletin ID SB2024112734

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-5559)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm. An attacker with physical access can use a specially crafted reset token and cause a denial of service (DoS) condition, a device reboot or gain full control of the relay.

Remediation

Install update from vendor's website.

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-24-331-02