CVE-2024-8531

{"id": "CVE-2024-8531", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-10-11T14:15:06.173", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root."}, {"lang": "es", "value": "CWE-347: Existe una vulnerabilidad de verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica que podr\u00eda comprometer el software Data Center Expert cuando se manipula un paquete de actualizaci\u00f3n para incluir scripts bash arbitrarios que se ejecutan como root."}], "lastModified": "2024-10-15T12:58:51.050", "sourceIdentifier": "cybersecurity@se.com"}