Reboot or ERASE Devices at Risk of Data Loss and DoS

CVE-2024-35293

9.1CRITICAL

Key Information

Vendor
Schneider Elektronik
Status
Series 700
Vendor
CVE Published:
2 October 2024

Summary

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.

Affected Version(s)

Series 700 <= 0.1.17.6

Refferences

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Felix Eberstaller and David Schauer from Limes Security
.