Search criteria
2 vulnerabilities found for evlink_home_firmware by schneider-electric
CVE-2024-5313 (GCVE-0-2024-5313)
Vulnerability from nvd – Published: 2024-06-12 12:14 – Updated: 2024-08-01 21:11
VLAI?
Summary
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface over the product network interface. This does not allow to directly exploit the product or
make any unintended operation as the SSH interface access is protected by an authentication
mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts
to perform a potential denial of service attack on the exposed SSH interface.
Severity ?
6.5 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | EVlink Home Smart |
Affected:
v2.0.4.1.2_131
Affected: v2.0.3.8.2_128 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:schneider-electric:evlink_home_smart:2.0.4.1.2_131:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "evlink_home_smart",
"vendor": "schneider-electric",
"versions": [
{
"status": "affected",
"version": "2.0.4.1.2_131"
},
{
"status": "affected",
"version": "2.0.3.8.2_128"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:57:54.307091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:04:51.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EVlink Home Smart",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v2.0.4.1.2_131"
},
{
"status": "affected",
"version": "v2.0.3.8.2_128"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH\ninterface over the product network interface. This does not allow to directly exploit the product or\nmake any unintended operation as the SSH interface access is protected by an authentication\nmechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts\nto perform a potential denial of service attack on the exposed SSH interface.\n\n"
}
],
"value": "CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH\ninterface over the product network interface. This does not allow to directly exploit the product or\nmake any unintended operation as the SSH interface access is protected by an authentication\nmechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts\nto perform a potential denial of service attack on the exposed SSH interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:14:58.979Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-5313",
"datePublished": "2024-06-12T12:14:58.979Z",
"dateReserved": "2024-05-24T08:29:40.058Z",
"dateUpdated": "2024-08-01T21:11:12.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5313 (GCVE-0-2024-5313)
Vulnerability from cvelistv5 – Published: 2024-06-12 12:14 – Updated: 2024-08-01 21:11
VLAI?
Summary
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface over the product network interface. This does not allow to directly exploit the product or
make any unintended operation as the SSH interface access is protected by an authentication
mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts
to perform a potential denial of service attack on the exposed SSH interface.
Severity ?
6.5 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | EVlink Home Smart |
Affected:
v2.0.4.1.2_131
Affected: v2.0.3.8.2_128 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:schneider-electric:evlink_home_smart:2.0.4.1.2_131:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "evlink_home_smart",
"vendor": "schneider-electric",
"versions": [
{
"status": "affected",
"version": "2.0.4.1.2_131"
},
{
"status": "affected",
"version": "2.0.3.8.2_128"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:57:54.307091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:04:51.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EVlink Home Smart",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v2.0.4.1.2_131"
},
{
"status": "affected",
"version": "v2.0.3.8.2_128"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH\ninterface over the product network interface. This does not allow to directly exploit the product or\nmake any unintended operation as the SSH interface access is protected by an authentication\nmechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts\nto perform a potential denial of service attack on the exposed SSH interface.\n\n"
}
],
"value": "CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH\ninterface over the product network interface. This does not allow to directly exploit the product or\nmake any unintended operation as the SSH interface access is protected by an authentication\nmechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts\nto perform a potential denial of service attack on the exposed SSH interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:14:58.979Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-5313",
"datePublished": "2024-06-12T12:14:58.979Z",
"dateReserved": "2024-05-24T08:29:40.058Z",
"dateUpdated": "2024-08-01T21:11:12.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}