CVE-2024-10083

CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) CWE-20: Existe una vulnerabilidad de validación de entrada incorrecta que podría causar la denegación de servicio de una estación de trabajo de ingeniería cuando un usuario autenticado invoca localmente una interfaz de controlador específica con una entrada manipulado.

13 Feb 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-13 06:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-10083

Mitre link : CVE-2024-10083

CVE.ORG link : CVE-2024-10083

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-10083", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-13T06:15:19.210", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering\nworkstation when specific driver interface is invoked locally by an authenticated user with crafted input."}, {"lang": "es", "value": "CWE-20: Existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda causar la denegaci\u00f3n de servicio de una estaci\u00f3n de trabajo de ingenier\u00eda cuando un usuario autenticado invoca localmente una interfaz de controlador espec\u00edfica con una entrada manipulado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cybersecurity@se.com"}