{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5559", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-05-31T06:58:51.639Z", "datePublished": "2024-06-12T17:18:04.604Z", "dateUpdated": "2024-08-01T21:18:06.557Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerLogic P5", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "v01.500.104 and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nCWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could\ncause denial of service, device reboot, or an attacker gaining full control of the relay when a\nspecially crafted reset token is entered into the front panel of the device.\n\n\n"}], "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could\ncause denial of service, device reboot, or an attacker gaining full control of the relay when a\nspecially crafted reset token is entered into the front panel of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-12T17:18:04.604Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T20:49:53.165251Z", "id": "CVE-2024-5559", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T21:26:14.765Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.557Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.557Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5559", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T20:49:53.165251Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T21:26:11.301Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "PowerLogic P5", "versions": [{"status": "affected", "version": "v01.500.104 and prior"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could\ncause denial of service, device reboot, or an attacker gaining full control of the relay when a\nspecially crafted reset token is entered into the front panel of the device.", "supportingMedia": [{"type": "text/html", "value": "\n\nCWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could\ncause denial of service, device reboot, or an attacker gaining full control of the relay when a\nspecially crafted reset token is entered into the front panel of the device.\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-12T17:18:04.604Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5559", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.557Z", "dateReserved": "2024-05-31T06:58:51.639Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2024-06-12T17:18:04.604Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_p5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67DFDA6A-737D-4BB0-9A35-5F14CA09E6DF", "versionEndIncluding": "01.500.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_p5:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EEFB9C4-CB42-46AD-83BE-1344AADC62F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could\ncause denial of service, device reboot, or an attacker gaining full control of the relay when a\nspecially crafted reset token is entered into the front panel of the device."}, {"lang": "es", "value": "CWE-327: Existe una vulnerabilidad de algoritmo criptogr\u00e1fico roto o riesgoso que podr\u00eda causar denegaci\u00f3n de servicio, reinicio del dispositivo o que un atacante obtenga control total del rel\u00e9 cuando se ingresa un token de reinicio especialmente manipulado en el panel frontal del dispositivo."}], "id": "CVE-2024-5559", "lastModified": "2024-11-21T09:47:55.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-12T18:15:12.493", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}