Firmware Binary Leaks Test Credentials
CVE-2024-8070

8.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Evlink Home Smart; Schneider Charge
Vendor: CVE Published:; 13 October 2024

Summary

A vulnerability exists within Schneider Electric's firmware due to the cleartext storage of sensitive information. This issue particularly affects the handling of test credentials, which can be exposed within the firmware binary. Adversaries exploiting this vulnerability may gain unauthorized access to these credentials, leading to potential security breaches and unauthorized control over affected devices. Addressing this security flaw is essential to enhance the overall security posture of Schneider Electric's products and mitigate the associated risks.

Affected Version(s)

EVlink Home Smart All versions prior to 2.0.6.0.0

Schneider Charge All versions prior to 1.13.4

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 13, 2024
Vulnerability Reserved
Aug 22, 2024

Collectors

NVD DatabaseMitre Database