CRITICAL🇵🇱 Wersja polska

CVE-2024-2051

CVSS 9.8v3.1pub. 2024-03-18upd. 2026-04-15

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.

🤖 AI Analysis
How it works

The system does not limit the number of failed authentication attempts, allowing an attacker to automatically and massively test combinations of usernames and passwords (brute-force attack) directly against the login form. The lack of account lockout mechanisms, CAPTCHA, or time-based thresholds allows an attacker to continue attempting without obstacles until the correct credentials are guessed.

Impact

An attacker can take over a user account and gain unauthorized access to the system, potentially leading to a complete breach of confidentiality, integrity, and availability of data.

Mitigation & patch

Apply patches available from the manufacturer according to the references — Schneider Electric security bulletin SEVD-2024-072-01 available at the address indicated in the references section

Who is affected

Versions indicated in manufacturer references (Schneider Electric security bulletin SEVD-2024-072-01)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References