CVE-2024-2052

EUVD-2024-27017
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow
unauthenticated files and logs exfiltration and download of files when an attacker modifies the
URL to download to a different location.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
schneider-electrict200i
𝑥
< sc2-04mod-07000104
ADP
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf