CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity, and availability of the workstation when non-admin
authenticated user tries to perform privilege escalation by tampering with the binaries
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Schneider-electric
Schneider-electric easergy Studio
CPEs cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*
Vendors & Products Schneider-electric
Schneider-electric easergy Studio
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
Description CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2024-10-11T14:03:06.738Z

Reserved: 2024-09-19T14:23:12.585Z

Link: CVE-2024-9002

cve-icon Vulnrichment

Updated: 2024-10-11T14:02:53.084Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-11T14:15:06.397

Modified: 2024-10-15T12:58:51.050

Link: CVE-2024-9002

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.