Description
update_disk_psu_baseline.sh requires password in plain text
Published: 2026-06-16
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The script update_disk_psu_baseline.sh on Dell EMC VxRail Appliances stores a password in plain text, representing a cryptographic key storage weakness (CWE‑256). This vulnerability can lead to the disclosure of privileged credentials if the script is accessed or copied by an attacker, potentially allowing unauthorized authentication to services that use that password.

Affected Systems

Dell EMC VxRail Appliance is affected, and the vulnerability is addressed by Dell’s DSA‑2024‑247 security update.

Risk and Exploitability

The CVSS score of 7.4 signals a high‑severity flaw. However, the EPSS score of less than 1 % suggests that exploitation is unlikely at present, and the vulnerability is not listed in CISA’s KEV catalog. Attackers would most likely exploit the weakness by obtaining local access to the file system and reading the script, or via any tooling that exposes its contents, after which they could use the plaintext password to authenticate to privileged components of the VxRail environment.

Generated by OpenCVE AI on June 17, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s DSA‑2024‑247 security update for VxRail Appliances to replace the vulnerable script
  • Rotate any passwords that were stored in plaintext within the script or its configuration
  • Enforce strict file permissions so that only privileged administrators can read or modify the script files

Generated by OpenCVE AI on June 17, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell dell Emc Vxrail Appliance
Vendors & Products Dell
Dell dell Emc Vxrail Appliance

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Plain Text Password Exposure in VxRail Disk PSU Baseline Script

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description update_disk_psu_baseline.sh requires password in plain text
Weaknesses CWE-256
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H'}


Subscriptions

Dell Dell Emc Vxrail Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-16T18:55:47.901Z

Reserved: 2024-06-26T02:14:30.866Z

Link: CVE-2024-39575

cve-icon Vulnrichment

Updated: 2026-06-16T18:52:51.851Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:29.040

Modified: 2026-06-16T20:41:35.520

Link: CVE-2024-39575

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:05:08Z

Weaknesses
  • CWE-256

    Plaintext Storage of a Password