Insecure Configuration Storage Risk Discovered in Eaton Foreseer Software
CVE-2024-31415

8.1HIGH

Key Information:

Vendor: Eaton
Status: Foreseer
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-31415?

The Eaton Foreseer software, utilized for network and user management configurations, has a significant vulnerability related to the insecure storage of encryption keys. As this software allows for the configuration of external servers, the improper handling of encryption keys poses a risk that could lead to unauthorized changes or deletions of critical server configurations. Such security lapses can potentially compromise the integrity of managed networks, calling for immediate attention and remediation from users and administrators.

Affected Version(s)

Foreseer 0 < 7.8.500

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Apr 3, 2024

Credit

Joseph Yim