7.1
CVE-2024-12399
- EPSS 0.2%
- Veröffentlicht 17.01.2025 10:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cybersecurity@se.com
- CVE-Watchlists
- Unerledigt
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSchneider Electric
≫
Produkt
Pro-face GP-Pro EX
Default Statusunaffected
Version
all version
Version <
v5.00.100
Status
affected
HerstellerSchneider Electric
≫
Produkt
Pro-face Remote HMI
Default Statusunaffected
Version
all versions
Version <
v1.70.000
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.413 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cybersecurity@se.com | 6.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cybersecurity@se.com | 7.1 | 1.6 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
|
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.