Attacker May Steal Administrative Credentials via Un Authenticated Traffic Capture
CVE-2024-35294

6.5MEDIUM

Key Information:

Vendor
Schneider Electric
Status
Series 700
Vendor
CVE Published:
2 October 2024

Summary

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.

Affected Version(s)

Series 700 0.0.0.0 <= 0.1.17.6

References

https://www.schneider-elektronik.de/wp-content/uploads/20...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Felix Eberstaller and David Schauer from Limes Security
.