Malicious File Tampering Risk
CVE-2024-2602

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Foxrtu Station
Vendor: CVE Published:; 11 July 2024

Summary

A vulnerability related to improper restriction of a pathname allows for path traversal attacks in Schneider Electric software. This flaw potentially enables remote code execution if an authenticated user interacts with a project file that has been maliciously altered. Attackers can exploit this vulnerability, leading to significant security risks for affected users who may inadvertently execute compromised project files.

Affected Version(s)

FoxRTU Station All versions prior to v9.3.0

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Mar 18, 2024

Collectors

NVD DatabaseMitre Database