CVE-2024-5557 - Vulnerability Details - OpenCVE

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause
exposure of SNMP credentials when an attacker has access to the controller logs.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Spacelogic As-b Spacelogic As-b Firmware Spacelogic As-p Spacelogic As-p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:spacelogic_as-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:spacelogic_as-b:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:spacelogic_as-p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:spacelogic_as-p:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-46756	CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2024-06-12T16:28:56.844Z

Updated: 2024-08-01T21:18:06.830Z

Reserved: 2024-05-31T06:58:40.277Z

Link: CVE-2024-5557

Vulnrichment

Updated: 2024-08-01T21:18:06.830Z

NVD

Status : Modified

Published: 2024-06-12T17:15:51.943

Modified: 2024-11-21T09:47:55.560

Link: CVE-2024-5557

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5557", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-05-31T06:58:40.277Z", "datePublished": "2024-06-12T16:28:56.844Z", "dateUpdated": "2024-08-01T21:18:06.830Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SpaceLogic AS-P", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V5.0.3 and prior"}]}, {"defaultStatus": "unaffected", "product": "SpaceLogic AS-B", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V5.0.3 and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs."}], "value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-13T19:01:56.888Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "schneider-electric", "product": "spacelogic_as-b", "cpes": ["cpe:2.3:h:schneider-electric:spacelogic_as-b:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.0.3", "versionType": "custom"}]}, {"vendor": "schneider-electric", "product": "spacelogic_as-p", "cpes": ["cpe:2.3:h:schneider-electric:spacelogic_as-p:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.0.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T18:09:17.413313Z", "id": "CVE-2024-5557", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:09:28.568Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.830Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.830Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5557", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T18:09:17.413313Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:schneider-electric:spacelogic_as-b:*:*:*:*:*:*:*:*"], "vendor": "schneider-electric", "product": "spacelogic_as-b", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.0.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:schneider-electric:spacelogic_as-p:*:*:*:*:*:*:*:*"], "vendor": "schneider-electric", "product": "spacelogic_as-p", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.0.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:09:12.785Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "SpaceLogic AS-P", "versions": [{"status": "affected", "version": "V5.0.3 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "SpaceLogic AS-B", "versions": [{"status": "affected", "version": "V5.0.3 and prior"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs.", "supportingMedia": [{"type": "text/html", "value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-13T19:01:56.888Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5557", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.830Z", "dateReserved": "2024-05-31T06:58:40.277Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2024-06-12T16:28:56.844Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:spacelogic_as-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD47138-7C8F-4D8B-A669-74395596363D", "versionEndExcluding": "6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:spacelogic_as-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "A50B62A0-A6FB-4AB4-94A0-D054C5ADB015", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:spacelogic_as-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA1ABCFA-8D7D-4288-AA9F-FF1B177DBB4E", "versionEndExcluding": "6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:spacelogic_as-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E516910C-FC39-46FA-82A5-0BF3546FDF33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs."}, {"lang": "es", "value": "CWE-532: Existe una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro que podr\u00eda causar la exposici\u00f3n de las credenciales SNMP cuando un atacante tiene acceso a los registros del controlador."}], "id": "CVE-2024-5557", "lastModified": "2024-11-21T09:47:55.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-12T17:15:51.943", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}