Attacker May Steal Administrative Credentials via Un Authenticated Traffic Capture

CVE-2024-35294

6.5MEDIUM

Key Information

Vendor
Schneider Elektronik
Status
Series 700
Vendor
CVE Published:
2 October 2024

Summary

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.

Affected Version(s)

Series 700 <= 0.1.17.6

Refferences

https://www.schneider-elektronik.de/wp-content/uploads/20...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Felix Eberstaller and David Schauer from Limes Security
.