CVE-2024-11999: CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated...

8.7 CVSS

Description

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete
control of the device when an authenticated user installs malicious code into HMI product.

Classification

CVE ID: CVE-2024-11999

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

Affected Products

Vendor: Schneider Electric

Product: Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-02.pdf

Timeline

2024-12-18 00:30:28 UTC
CVE

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated...