CVE-2024-8531: Improper Verification of Cryptographic Signature in Electric Data Center Expert

Severity
7.2 HIGH (NVD)
EPSS
0.1%
top 75.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 11

Description

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 | Impact: 5.9

Affected Packages: 1 package

CVEListV5: schneider_electric/data_center_expert, versions 8.1.1.3 and prior

Vulnerability Details (2)

CVEList
CVE-2024-8531: CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade b (2024-10-11)
GHSA
GHSA-53j3-c5gj-9m5j: CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade b (2024-10-11)