Insecure Configuration Storage Risk Discovered in Eaton Foreseer Software
CVE-2024-31415
6.3 MEDIUM
What is CVE-2024-31415?
The Eaton Foreseer software, which is used for network and user management configuration, stores encryption keys insecurely. Because the software allows external servers to be configured, this improper handling of encryption keys could lead to unauthorized changes to, or deletion of, critical server configurations. That can compromise the integrity of the managed networks, so users and administrators should remediate promptly.
Affected Version(s)
Foreseer: versions earlier than 7.8.500
References
CVSS V3.1
Score: 6.3
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Joseph Yim
