← volver
CVE-2024-8531

CVE-2024-8531

CVSS 7.2 HIGHEPSS 0.4%CWE-347
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 oct 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Schneider Electric · Data Center Expert

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf