6.5

CVE-2024-5313

EPSS 0.14%
Veröffentlicht 12.06.2024 13:15:50
Zuletzt bearbeitet 21.11.2024 09:47:24
Quelle cybersecurity@se.com
Teams Watchlist Login
Unerledigt Login

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface over the product network interface. This does not allow to directly exploit the product or
make any unintended operation as the SSH interface access is protected by an authentication
mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts
to perform a potential denial of service attack on the exposed SSH interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Evlink Home Firmware Version2.0.3.8.2_128

Schneider-electric ≫ Evlink Home Version-

Schneider-electric ≫ Evlink Home Firmware Version2.0.4.1.2_131

Schneider-electric ≫ Evlink Home Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.354

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
cybersecurity@se.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5313

EUVD