Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-8884

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: System Monitor Application In Harmony Industrial Pc HmIBMo/hmIBMi/hmipso/hmIBMp/hmIBMu/hmipsp/hmipep Series; System Monitor Application In Pro-face Industrial Pc Ps5000 Series
Vendor: CVE Published:; 8 October 2024

Summary

A vulnerability identified as CWE-200 allows for the exposure of sensitive credentials to unauthorized actors when they gain access to the Schneider Electric application over an unsecured HTTP connection. This could lead to unauthorized access and exploitation of sensitive user data. It is essential for users and system administrators to address this vulnerability to safeguard their applications against potential security threats.

Affected Version(s)

System Monitor application in Harmony Industrial PC HMIBMO/HMIBMI/HMIPSO/HMIBMP/HMIBMU/HMIPSP/HMIPEP series All versions

System Monitor application in Pro-face Industrial PC PS5000 series All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 16, 2024

Collectors

NVD DatabaseMitre Database