{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8531", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-09-06T16:49:23.530Z", "datePublished": "2024-10-11T13:50:31.474Z", "dateUpdated": "2024-10-15T14:46:55.509Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Data Center Expert", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions 8.1.1.3 and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root."}], "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-10-11T13:50:31.474Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "schneider-electric", "product": "data_center_expert", "cpes": ["cpe:2.3:a:schneider-electric:data_center_expert:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.1.1.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T14:45:48.034295Z", "id": "CVE-2024-8531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:46:55.509Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T14:45:48.034295Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:schneider-electric:data_center_expert:*:*:*:*:*:*:*:*"], "vendor": "schneider-electric", "product": "data_center_expert", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.1.1.3"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:46:49.398Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Data Center Expert", "versions": [{"status": "affected", "version": "Versions 8.1.1.3 and prior"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root.", "supportingMedia": [{"type": "text/html", "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-10-11T13:50:31.474Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8531", "state": "PUBLISHED", "dateUpdated": "2024-10-15T14:46:55.509Z", "dateReserved": "2024-09-06T16:49:23.530Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2024-10-11T13:50:31.474Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could\ncompromise the Data Center Expert software when an upgrade bundle is manipulated to\ninclude arbitrary bash scripts that are executed as root."}, {"lang": "es", "value": "CWE-347: Existe una vulnerabilidad de verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica que podr\u00eda comprometer el software Data Center Expert cuando se manipula un paquete de actualizaci\u00f3n para incluir scripts bash arbitrarios que se ejecutan como root."}], "id": "CVE-2024-8531", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2024-10-11T14:15:06.173", "references": [{"source": "cybersecurity@se.com", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "cybersecurity@se.com", "type": "Primary"}]}

{}