CVE-2024-8531 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-347

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDoc

FAQ

What is CVE-2024-8531?

CVE-2024-8531 is a vulnerability with a CVSS score of 7.2 (HIGH). CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scr...

How severe is CVE-2024-8531?

CVE-2024-8531 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8531?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.