1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schneider Electric
- Equipment: Wiser Home Controller WHC-5918A
- Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose sensitive credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports the following products are affected:
- Wiser Home Controller WHC-5918A: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
An information exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.
CVE-2024-6407 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-6407. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Schneider El
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: