Insecure Configuration Storage Risk Discovered in Eaton Foreseer Software
CVE-2024-31415
8.1 HIGH
Key Information:
- Vendor: Eaton
- Status
- Foreseer
- Vendor
- CVE Published: 13 September 2024
Summary
The Eaton Foreseer software, utilized for network and user management configurations, has a significant vulnerability related to the insecure storage of encryption keys. As this software allows for the configuration of external servers, the improper handling of encryption keys poses a risk that could lead to unauthorized changes or deletions of critical server configurations. Such security lapses can potentially compromise the integrity of managed networks, calling for immediate attention and remediation from users and administrators.
Affected Version(s)
Foreseer 0 < 7.8.500
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Joseph Yim