Details of VAR-202410-0117

ID

VAR-202410-0117

CVE

CVE-2024-8884

TITLE

Schneider Electric System Monitor application information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02598

DESCRIPTION

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http. Schneider Electric System Monitor application is a system monitoring program in industrial control equipment of Schneider Electric, a French company. Schneider Electric System Monitor application has an information leakage vulnerability. The vulnerability is due to the application's insufficient protection of sensitive information

Trust: 1.44

sources: NVD: CVE-2024-8884 // CNVD: CNVD-2025-02598

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02598

AFFECTED PRODUCTS

vendor:

schneider

model:

electric schneider electric system monitor application

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-02598

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@se.com:	CVE-2024-8884
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-02598
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-02598
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cybersecurity@se.com:	CVE-2024-8884
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-02598 // NVD: CVE-2024-8884

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.0

sources: NVD: CVE-2024-8884

PATCH

title:

Patch for Schneider Electric System Monitor application information disclosure vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/654591

Trust: 0.6

sources: CNVD: CNVD-2025-02598

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8884	Trust: 1.6
db:	SCHNEIDER	id:	SEVD-2024-282-07	Trust: 1.6
db:	CNVD	id:	CNVD-2025-02598	Trust: 0.6

sources: CNVD: CNVD-2025-02598 // NVD: CVE-2024-8884

REFERENCES

url:

https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-282-07&p_endoctype=security+and+safety+notice&p_file_name=sevd-2024-282-07.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-02598 // NVD: CVE-2024-8884

SOURCES

db:	CNVD	id:	CNVD-2025-02598
db:	NVD	id:	CVE-2024-8884

LAST UPDATE DATE

2025-02-09T23:05:49.033000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02598	date:	2025-02-08T00:00:00
db:	NVD	id:	CVE-2024-8884	date:	2024-10-10T12:56:30.817

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02598	date:	2025-02-08T00:00:00
db:	NVD	id:	CVE-2024-8884	date:	2024-10-08T11:15:13.487