CVE-2024-11999
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-11999
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未维护的第三方组件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric HMIST6等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric HMIST6是一款经济高效、品质出众的 HMI 面板。Schneider Electric HMIG3U是一款用于通用面板的高级盒式底座单元。Schneider Electric HMIG3X是一款 HMI 面板。 Schneider Electric多款产品存在安全漏洞,该漏洞源于存在使用未维护的第三方组件漏洞,当经过身份验证的用户将恶意代码安装
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric | Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime | All versions | - | |
| Schneider Electric | PFXST6000, PFXSTM6000, PFXSP5000, PFXGP4100 series with Pro-face BLUE runtime | All versions | - |
II. Public POCs for CVE-2024-11999
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-11999
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Schneider Electric
- CVE-2026-2401
Schneider Electric PowerChute Serial Shutdown 日志信息泄露漏洞 - CVE-2026-2400
Schneider Electric PowerChute Serial Shutdown 注入漏洞 - CVE-2026-2403
Schneider Electric PowerChute Serial Shutdown 安全漏洞 - CVE-2026-2405
Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞 - CVE-2026-2402
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Same weakness: CWE-1104
- CVE-2026-41468
Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Tem - CVE-2025-55277
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdate - CVE-2025-12104
Incorrect Content-Type Header - CVE-2025-52658
HCL MyXalytics is affected by the use of vulnerable/outdated - CVE-2025-34192
Vasion Print (formerly PrinterLogic) Usage of Outdated and U
V. Comments for CVE-2024-11999
No comments yet