CVE-2024-8530
Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
CWE-306: Missing Authentication for Critical Function vulnerability exists that could
cause exposure of private data when an already generated “logcaptures” archive is accessed
directly by HTTPS.
The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of log files. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise.
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-09-06 CVE Reserved
- 2024-10-11 CVE Published
- 2024-10-17 CVE Updated
- 2025-07-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider Electric Search vendor "Schneider Electric" | Data Center Expert Search vendor "Schneider Electric" for product "Data Center Expert" | 8.1.1.3 Search vendor "Schneider Electric" for product "Data Center Expert" and version "8.1.1.3" | en |
Affected
| ||||||