CVE-2024-31414: XSS
First published: Fri Sep 13 2024(Updated: )
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.
Credit: CybersecurityCOE@eaton.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eaton Foreseer Electrical Power Monitoring System | <7.8.600 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-31414?
CVE-2024-31414 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2024-31414?
To fix CVE-2024-31414, update the Eaton Foreseer software to the latest version above 7.8.600 with the patched input sanitization features.
What kind of attacks can CVE-2024-31414 enable?
CVE-2024-31414 can enable attackers to execute unauthorized scripts, potentially leading to data breaches or system compromise.
Which versions of Eaton Foreseer are affected by CVE-2024-31414?
Eaton Foreseer versions prior to 7.8.600 are affected by CVE-2024-31414.
Is there a recommended action for administrators regarding CVE-2024-31414?
Administrators are recommended to conduct immediate updates and apply security practices to mitigate risks associated with CVE-2024-31414.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/eaton
- canonical/eaton foreseer electrical power monitoring system