Manipulation of Upgrade Bundles Could Compromise Root Access
CVE-2024-8531
7.2 HIGH
Summary
Schneider Electric's Data Center Expert software improperly verifies cryptographic signatures on upgrade bundles. An upgrade bundle can be manipulated to contain arbitrary bash scripts, which are then executed with root privileges. The flaw allows unauthorized code execution, which can lead to system compromise and loss of data integrity. Organizations using this software should assess their exposure and apply mitigations for this vulnerability.
Affected Version(s)
Data Center Expert Versions 8.1.1.3 and prior
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database