CVE-2024-31415

Severity CVSS v4.0:

Pending analysis

Type:

CWE-312 Cleartext Storage of Sensitive Information

Publication date:

13/09/2024

Last modified:

26/08/2025

Description

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L CVSS v3.1 Severity and Metrics:

Base Score: 6.30 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): Low

Base Score 3.x

6.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:eaton:foreseer_electrical_power_monitoring_system::::::::		7.8.600 (excluding)

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf