Vulnerabilities > CVE-2024-31416 - Improper Validation of Specified Quantity in Input vulnerability in Eaton Foreseer Electrical Power Monitoring System

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

eaton

CWE-1284

NVD

Published: 2024-09-13

Updated: 2024-09-19

Summary

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Eaton Eaton Foreseer Electrical Power Monitoring System 4.0 Eaton Foreseer Electrical Power Monitoring System 7.0 Eaton Foreseer Electrical Power Monitoring System 7.5 Eaton Foreseer Electrical Power Monitoring System 7.6	4

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf