#VU98729 Improper Verification of Cryptographic Signature in Struxureware Data Center Expert - CVE-2024-8531

 


Published: October 16, 2024 / Updated: October 18, 2024


Vulnerability identifier: #VU98729
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-8531
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Struxureware Data Center Expert
Software vendor: Schneider Electric

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to improper verification of a cryptographic signature. A remote administrator can compromise the target software when an upgrade bundle is manipulated to include arbitrary bash scripts, which are then executed as root.


Remediation

Install updates from the vendor's website.
