CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31416
https://notcve.org/view.php?id=CVE-2024-31416
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31415
https://notcve.org/view.php?id=CVE-2024-31415
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31414
https://notcve.org/view.php?id=CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •