PT-2024-10218 · Schneider Electric · Schneider Electric Powerlogic Hdpm6000

Published: 2024-10-29 · Updated: 2025-02-07 · CVE-2024-10497

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic HDPM6000 version 0.62.7

Description: The issue is related to an authorization bypass vulnerability that could allow an authorized attacker to modify values outside those defined by their privileges, potentially leading to elevation of privileges. This can be achieved by sending modified HTTPS requests to the device. The vulnerability is associated with a user-controlled key. It may affect a significant number of internet users.

Recommendations: For Schneider Electric PowerLogic HDPM6000 version 0.62.7, consider disabling the use of user-controlled keys until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using modified HTTPS requests to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Weakness Enumeration

Related Identifiers

BDU:2025-00548
CVE-2024-10497

Affected Products

Schneider Electric Powerlogic Hdpm6000