CVE-2024-12399 (GCVE-0-2024-12399)
Vulnerability from cvelistv5
Published
2025-01-17 09:37
Modified
2025-09-09 20:41
Severity ?
6.1 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
CWE
  • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Summary
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf
Impacted products
Vendor Product Version
Schneider Electric Pro-face GP-Pro EX Version: all version
 Create a notification for this product.
   Schneider Electric Pro-face Remote HMI Version: all versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-17T13:19:08.787250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:55:25.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pro-face GP-Pro EX",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v5.00.100",
              "status": "affected",
              "version": "all version",
              "versionType": "version"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro-face Remote HMI",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.70.000",
              "status": "affected",
              "version": "all versions",
              "versionType": "version"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\nman in the middle attack by intercepting the communication.\n\n\u003cbr\u003e"
            }
          ],
          "value": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\nman in the middle attack by intercepting the communication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-924",
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T20:41:23.793Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-12399",
    "datePublished": "2025-01-17T09:37:35.734Z",
    "dateReserved": "2024-12-10T09:21:04.278Z",
    "dateUpdated": "2025-09-09T20:41:23.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-12399\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2025-01-17T10:15:06.697\",\"lastModified\":\"2025-01-17T10:15:06.697\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\\nman in the middle attack by intercepting the communication.\"},{\"lang\":\"es\",\"value\":\"CWE-924: Existe una vulnerabilidad de aplicaci\u00f3n inadecuada de la integridad del mensaje durante la transmisi\u00f3n en un canal de comunicaci\u00f3n que podr\u00eda causar una p\u00e9rdida parcial de confidencialidad, p\u00e9rdida de integridad y disponibilidad de la HMI cuando el atacante realiza un ataque man in the middle interceptando la comunicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"LOW\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-924\"}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-02.pdf\",\"source\":\"cybersecurity@se.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12399\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-17T13:19:08.787250Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T16:55:05.827Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Schneider Electric\", \"product\": \"Pro-face GP-Pro EX\", \"versions\": [{\"status\": \"affected\", \"version\": \"all version\", \"lessThan\": \"v5.00.100\", \"versionType\": \"version\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Schneider Electric\", \"product\": \"Pro-face Remote HMI\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\", \"lessThan\": \"v1.70.000\", \"versionType\": \"version\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-02.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\\nman in the middle attack by intercepting the communication.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\\nman in the middle attack by intercepting the communication.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-924\", \"description\": \"CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel\"}]}], \"providerMetadata\": {\"orgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"shortName\": \"schneider\", \"dateUpdated\": \"2025-09-09T20:41:23.793Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-12399\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-09T20:41:23.793Z\", \"dateReserved\": \"2024-12-10T09:21:04.278Z\", \"assignerOrgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"datePublished\": \"2025-01-17T09:37:35.734Z\", \"assignerShortName\": \"schneider\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.