CVE-2024-10575

CWE-862 — Missing Authorization3 documents3 sources

Severity

10.0CRITICAL

EPSS

0.4%

top 39.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure IT Gateway Schneider-electric Ecostruxure IT Gateway

Timeline

PublishedNov 13

Description

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_it_gateway4 versions+3

▶NVDschneider-electric/ecostruxure_it_gateway4 versions+3

Patches

Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-10575: CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connect↗2024-11-13

▶

GHSA

GHSA-3xc2-jvpw-rv79: CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connect↗2024-11-13

▶