Vulnerabilities > CVE-2024-5558 - Unspecified vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware

CVSS 6.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

schneider-electric

NVD

Published: 2024-06-12

Updated: 2024-11-21

Summary

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Spacelogic AS B Firmware * Schneider Electric Spacelogic AS P Firmware *	2
Hardware	Schneider-Electric Schneider Electric Spacelogic AS B - Schneider Electric Spacelogic AS P -	2

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf