CVE-2024-6407 - OpenCVE

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Whc-5918a Whc-5918a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:whc-5918a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:whc-5918a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2024-07-11T09:07:40.422Z

Updated: 2024-08-01T21:41:03.280Z

Reserved: 2024-06-28T16:26:10.459Z

Link: CVE-2024-6407

Vulnrichment

Updated: 2024-08-01T21:41:03.280Z

NVD

Status : Analyzed

Published: 2024-07-11T10:15:02.277

Modified: 2024-07-12T16:36:34.747

Link: CVE-2024-6407

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6407", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-06-28T16:26:10.459Z", "datePublished": "2024-07-11T09:07:40.422Z", "dateUpdated": "2024-08-01T21:41:03.280Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wiser Home Controller WHC-5918A", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions of Wiser Home Controller WHC-5918A"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nCWE-200: Information Exposure vulnerability exists that could cause disclosure of\ncredentials when a specially crafted message is sent to the device.\n\n"}], "value": "CWE-200: Information Exposure vulnerability exists that could cause disclosure of\ncredentials when a specially crafted message is sent to the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-07-11T09:07:40.422Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T18:26:18.648509Z", "id": "CVE-2024-6407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T18:26:28.645Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.280Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.280Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T18:26:18.648509Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T18:26:25.622Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Wiser Home Controller WHC-5918A", "versions": [{"status": "affected", "version": "All Versions of Wiser Home Controller WHC-5918A"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-200: Information Exposure vulnerability exists that could cause disclosure of\ncredentials when a specially crafted message is sent to the device.", "supportingMedia": [{"type": "text/html", "value": "\n\nCWE-200: Information Exposure vulnerability exists that could cause disclosure of\ncredentials when a specially crafted message is sent to the device.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-07-11T09:07:40.422Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6407", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:03.280Z", "dateReserved": "2024-06-28T16:26:10.459Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2024-07-11T09:07:40.422Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:whc-5918a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "30BA918B-8E6E-4253-A25E-841B59DAC538", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:whc-5918a:-:*:*:*:*:*:*:*", "matchCriteriaId": "929A1C2B-3E85-4084-AE94-570DE12F7F56", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CWE-200: Information Exposure vulnerability exists that could cause disclosure of\ncredentials when a specially crafted message is sent to the device."}, {"lang": "es", "value": "CWE-200: Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n que podr\u00eda provocar la divulgaci\u00f3n de credenciales cuando se env\u00eda un mensaje especialmente manipulado al dispositivo."}], "id": "CVE-2024-6407", "lastModified": "2024-07-12T16:36:34.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2024-07-11T10:15:02.277", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-01.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}