CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8306
https://notcve.org/view.php?id=CVE-2024-8306
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-254-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-254-01.pdf • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6918
https://notcve.org/view.php?id=CVE-2024-6918
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-226-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-226-01.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6528
https://notcve.org/view.php?id=CVE-2024-6528
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. CWE-79: Existe una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ("Cross-site Scripting") que podría causar una vulnerabilidad que conduzca a una condición de cross-site scripting donde los atacantes pueden hacer que el navegador de la víctima ejecute JavaScript arbitrario cuando visitan una página que contiene el payload inyectado. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-04.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5681
https://notcve.org/view.php?id=CVE-2024-5681
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. CWE-20: Existe una vulnerabilidad de validación de entrada incorrecta que podría causar denegación de servicio local, escalada de privilegios y potencialmente ejecución del kernel cuando un actor malicioso con acceso de usuario local crea un script/programa usando una llamada IOCTL en el controlador Foxboro.sys. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5680
https://notcve.org/view.php?id=CVE-2024-5680
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. CWE-129: Existe una vulnerabilidad de validación inadecuada del índice de matriz que podría causar denegación de servicio local cuando un actor malicioso con acceso de usuario local crea un script/programa usando una llamada IOCTL en el controlador Foxboro.sys. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-02.pdf • CWE-129: Improper Validation of Array Index •