CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could
compromise the Data Center Expert software when an upgrade bundle is manipulated to
include arbitrary bash scripts that are executed as root.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Schneider-electric
Schneider-electric data Center Expert |
|
CPEs | cpe:2.3:a:schneider-electric:data_center_expert:*:*:*:*:*:*:*:* | |
Vendors & Products |
Schneider-electric
Schneider-electric data Center Expert |
|
Metrics |
ssvc
|
Fri, 11 Oct 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. | |
Weaknesses | CWE-347 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: schneider
Published: 2024-10-11T13:50:31.474Z
Updated: 2024-10-15T14:46:55.509Z
Reserved: 2024-09-06T16:49:23.530Z
Link: CVE-2024-8531
Vulnrichment
Updated: 2024-10-15T14:46:49.398Z
NVD
Status : Awaiting Analysis
Published: 2024-10-11T14:15:06.173
Modified: 2024-10-15T12:58:51.050
Link: CVE-2024-8531
Redhat
No data.