CVE-2024-8518

Improper Input Validation (CWE-20)

Published: Oct 8, 2024 / Updated: 42d ago

CVSS 3.3 / EPSS 0.04% / Low

CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-8518

Oct 8, 2024 at 10:15 AM

CVSS

A CVSS base score of 3.3 has been assigned.

Oct 8, 2024 at 10:20 AM / nvd

First Article

Feedly found the first article mentioning CVE-2024-8518.

Oct 8, 2024 at 10:23 AM / CVE

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 8, 2024 at 10:23 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 9, 2024 at 10:30 AM

Threat Intelligence Report

CVE-2024-8518 is a vulnerability with a CVSS v3.1 base score of 3.3, indicating a low criticality level. The details provided do not specify whether it is being exploited in the wild, nor do they mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts to third-party vendors or technology. Further investigation would be necessary to assess the overall risk and response measures associated with this vulnerability.

Oct 10, 2024 at 3:03 PM

Affected Systems

Schneider Electric/Zelio Soft 2

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Schneider Electric Zelio Soft 2
A Use After Free vulnerability exists that could cause arbitrary code execution, denial-of-service and loss of confidentiality & integrity if an application user opens a malicious Zelio Soft 2 project file. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

News

Multiple vulnerabilities in Schneider Electric Zelio Soft 2
CVE-2024-8518
Low Severity. Description: CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. Read more at https://www.tenable.com/cve/CVE-2024-8518

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: Low
