PT-2024-7818 · Schneider Electric · Ecostruxure It Gateway
Published
2024-11-11
·
Updated
2024-11-19
·
CVE-2024-10575
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Schneider Electric EcoStruxure IT Gateway (affected versions not specified)
Description
A Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. The vulnerability is related to the absence of an authorization procedure in the software for communicating with controlled devices. Exploitation of the vulnerability may allow a remote attacker to gain full access to the vulnerable software.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ecostruxure It Gateway