Improper Input Validation in Schneider Electric's Engineering Workstation
CVE-2024-10083

6.8MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Uni-telway Driver; Uni-telway Driver Used In Ecostruxure Control Expert; Uni-telway Driver Used In Ecostruxure Process Expert; Uni-telway Driver Used In Ecostruxure Process Expert For Aveva System Platform
Vendor: CVE Published:; 13 February 2025

Summary

An improper input validation flaw has been identified in Schneider Electric's Engineering Workstation. This vulnerability may allow an authenticated user to exploit specific driver interfaces with crafted inputs, potentially resulting in a denial of service condition. Proper measures should be taken to ensure that only validated and expected input is processed by the system, mitigating the risk of disruption to services.

Affected Version(s)

Uni-Telway driver All versions

Uni-Telway driver used in EcoStruxure Control Expert All versions

Uni-Telway driver used in EcoStruxure Process Expert All Versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Oct 17, 2024