CVE-2024-5558

Published: Jun 12, 2024Modified: Nov 21, 2024

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: NVD

Description

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

Affected (2)

Products: Schneider Electric: Spacelogic As B Firmware, Spacelogic As P Firmware

Schneider Electric

2 products

Spacelogic As B Firmware

Spacelogic As P Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Spacelogic As B Firmware	Before 6.0.1

Running on/with	Platform Versions
Schneider Electric Spacelogic As B	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Spacelogic As P Firmware	Before 6.0.1

Running on/with	Platform Versions
Schneider Electric Spacelogic As P	All versions

Related CWEs

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.