1. EXECUTIVE SUMMARY
- CVSS v4 6.8
- ATTENTION: Low attack complexity
- Vendor: Schneider Electric
- Equipment: Uni-Telway Driver
- Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a denial of service.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports the following products are affected:
- Schneider Electric Uni-Telway Driver: All versions
- Schneider Electric Uni-Telway Driver installed on Control Expert: All versions
- Schneider Electric Uni-Telway Driver installed on Process Expert: All versions
- Schneider Electric Uni-Telway Driver installed on Process Expert for AVEVA System Platform: All versions
- Schneider Electric Uni-Telway Driver installed on OPC Factory Server: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER INPUT VALIDATION CWE-20
Schneider Electric Uni-Telway Driver is vulnerable to an improper input validation vulnerability that could cause denial-of-service of engineering workstations when a specific driver interface is invoked locally by an authenticated user with crafted input.
CVE-2024-10083 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-10083. A base score of 6.8 has been calculated; the CVSS vector string is (AV:L/AC:L/AT
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: