CVE-2024-31416

Published: Sep 13, 2024Modified: Aug 26, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.

Affected (1)

Products: Eaton: Foreseer Electrical Power Monitoring System

1 product

Foreseer Electrical Power Monitoring System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eaton Foreseer Electrical Power Monitoring System	Before 7.8.600

Related CWEs

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (1)

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf

Source: CybersecurityCOE@eaton.com

Vendor Advisory

Timeline

No history available yet.