CVE-2024-4229

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.

*Credits: N/A

CVSS Scores

Mitsubishi Electric Corporationv3.1 7.8

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-26 CVE Reserved
2024-12-19 CVE Published
2024-12-19 CVE Updated
2024-12-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-276: Incorrect Default Permissions

CAPEC

References (2)

URL	Tag	Source
https://jvn.jp/vu/JVNVU92857077/index.html	Government Resource

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.edgecross.org/client_info/EDGECROSS/view/userweb/ext/en/data-download/pdf/ECD-TE10-0003-01-EN.pdf	2024-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Edgecross Consortium Search vendor "Edgecross Consortium"		Edgecross Basic Software For Windows Search vendor "Edgecross Consortium" for product "Edgecross Basic Software For Windows"				1.00 Search vendor "Edgecross Consortium" for product "Edgecross Basic Software For Windows" and version "1.00"		en		Affected
Edgecross Consortium Search vendor "Edgecross Consortium"		Edgecross Basic Software For Developers Search vendor "Edgecross Consortium" for product "Edgecross Basic Software For Developers"				1.00 Search vendor "Edgecross Consortium" for product "Edgecross Basic Software For Developers" and version "1.00"		en		Affected