VYPR

SEVD-2025-014-05

by Schneider Electric

CVEs (3)

  • CVE-2024-10497HigJan 17, 2025
    risk 0.57cvss 8.8epss 0.01

    CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device.

  • CVE-2024-12142HigJan 17, 2025
    risk 0.56cvss 8.6epss 0.00

    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked.

  • CVE-2024-11139MedJan 17, 2025
    risk 0.30cvss epss 0.00

    CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file.