CVE-2024-2051 - OpenCVE

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2024-03-18T16:03:44.987Z

Updated: 2024-03-18T16:03:44.987Z

Reserved: 2024-03-01T01:25:46.121Z

Link: CVE-2024-2051

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-18T16:15:09.130

Modified: 2024-03-18T19:40:00.173

Link: CVE-2024-2051

JSON object: View

Redhat Information

No data.

CWE

CWE-307

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-2051", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-03-01T01:25:46.121Z", "datePublished": "2024-03-18T16:03:44.987Z", "dateUpdated": "2024-03-18T16:03:44.987Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Easergy T200 (Modbus) Models: T200I, T200E, T200P, T200S, T200H ", "vendor": "Schneider Electric", "versions": [{"lessThanOrEqual": "prior", "status": "affected", "version": "SC2-04MOD-07000104", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Easergy T200 (IEC104) Models: T200I, T200E, T200P, T200S, T200H", "vendor": "Schneider Electric ", "versions": [{"lessThanOrEqual": "prior", "status": "affected", "version": "SC2-04IEC-07000104", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Easergy T200 (DNP3) Models: T200I, T200E, T200P, T200S, T200H", "vendor": "Schneider Electric ", "versions": [{"lessThanOrEqual": "prior", "status": "affected", "version": "SC2-04DNP-07000104", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nCWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that\ncould cause account takeover and unauthorized access to the system when an attacker\nconducts brute-force attacks against the login form.\n\n"}], "value": "\nCWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that\ncould cause account takeover and unauthorized access to the system when an attacker\nconducts brute-force attacks against the login form.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-03-18T16:03:44.987Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}