CVE-2024-10575 – A missing authorization vulnerability (CWE-862)... (How to Fix)

Q: What is the severity of CVE-2024-10575?

CVE-2024-10575 has a CVSS score of 9.8 (CRITICAL). A missing authorization vulnerability (CWE-862) in Schneider Electric products allows unauthorized access when devices are network-enabled. This could enable attackers to compromise connected systems and devices. Organizations using affected Schneider Electric industrial control systems are at risk.

📋 TL;DR

A missing authorization vulnerability (CWE-862) in Schneider Electric products allows unauthorized access when devices are network-enabled. This could enable attackers to compromise connected systems and devices. Organizations using affected Schneider Electric industrial control systems are at risk.

💻 Affected Systems

Products:

Schneider Electric industrial control systems (specific models detailed in SEVD-2024-317-04)

Versions: Multiple versions as specified in SEVD-2024-317-04 advisory

Operating Systems: Embedded/Proprietary OS on Schneider Electric devices

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists when devices are network-enabled. Air-gapped systems or those with network interfaces disabled are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems leading to operational disruption, safety hazards, or data exfiltration from connected OT/IT networks.

🟠

Likely Case

Unauthorized access to device configurations, potential manipulation of industrial processes, and lateral movement to connected systems.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Network-enabled devices exposed to internet could be directly exploited without authentication.

🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by compromised internal systems or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Missing authorization suggests attackers could bypass authentication mechanisms without complex techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in SEVD-2024-317-04 advisory

Vendor Advisory: https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf

Restart Required: Yes

Instructions:

1. Review SEVD-2024-317-04 advisory for affected products. 2. Apply vendor-provided patches/updates. 3. Restart affected systems. 4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate network segments with strict access controls

Disable Network Interfaces

all

Disable unnecessary network interfaces on devices not requiring network connectivity

🧯 If You Can't Patch

Implement strict network access controls and firewall rules limiting connections to affected devices
Monitor network traffic to/from affected devices for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check device model and version against SEVD-2024-317-04 advisory. Verify if network interfaces are enabled.

Check Version:

Device-specific commands vary by product - refer to Schneider Electric documentation

Verify Fix Applied:

Confirm installed version matches patched versions in advisory. Test authorization controls.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts
Authentication bypass logs
Configuration changes from unexpected sources

Network Indicators:

Unexpected connections to industrial control ports
Traffic patterns indicating enumeration of ICS devices

SIEM Query:

source="industrial_control" AND (event_type="auth_failure" OR event_type="config_change")

📊 Metadata

CVE ID: CVE-2024-10575

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: November 13, 2024

Last Updated: November 19, 2024

🔗 References

https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10575, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ecostruxure It Gateway by Schneider Electric

Ecostruxure It Gateway by Schneider Electric

Ecostruxure It Gateway by Schneider Electric

Ecostruxure It Gateway by Schneider Electric

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Disable Network Interfaces

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities