VYPR

SEVD-2024-163-04

by Schneider Electric

CVEs (2)

  • CVE-2024-37037HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

  • CVE-2024-5558MedJun 12, 2024
    risk 0.42cvss 6.4epss 0.00

    CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.