Easergy Studio Priv Escal by Unquoted Search Path
CVE-2024-2747 Published on June 12, 2024
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
Vulnerability Analysis
CVE-2024-2747 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Products Associated with CVE-2024-2747
Want to know whenever a new CVE is published for Schneider Electric Easergy Studio? stack.watch will email you.
Affected Versions
Schneider Electric Easergy Studio:- Version v9.3.3 and prior is affected.
- Before and including 9.3.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.