Reboot or ERASE Devices at Risk of Data Loss and DoS
CVE-2024-35293

9.1CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Series 700
Vendor: CVE Published:; 2 October 2024

Summary

A vulnerability in Schneider Electric devices allows unauthenticated remote attackers to exploit missing authentication in critical functions. This security gap can enable attackers to reboot or erase devices, leading to significant data loss and resulting in denial of service. Organizations using these devices face potential operational disruptions and security breaches. Implementing stringent security measures and monitoring device access is essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Series 700 0.0.0.0 <= 0.1.17.6

References

https://www.schneider-elektronik.de/wp-content/uploads/20...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2024
Vulnerability Reserved
May 15, 2024

Credit

Felix Eberstaller and David Schauer from Limes Security