CVE-2024-31415
First published: Fri Sep 13 2024(Updated: )
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.
Credit: CybersecurityCOE@eaton.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eaton Foreseer Electrical Power Monitoring System | <7.8.600 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-31415?
CVE-2024-31415 is classified as a medium severity vulnerability.
How do I fix CVE-2024-31415?
To remediate CVE-2024-31415, update the Eaton Foreseer software to version 7.8.600 or later.
What type of software is affected by CVE-2024-31415?
CVE-2024-31415 affects the Eaton Foreseer Electrical Power Monitoring System.
What does CVE-2024-31415 expose regarding encryption?
CVE-2024-31415 exposes potential weaknesses in the encryption mechanism used to store configuration keys.
What functionalities does the Eaton Foreseer software provide?
The Eaton Foreseer software provides functionalities for network management and user management through configurable external servers.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/eaton
- canonical/eaton foreseer electrical power monitoring system