CVE-2024-31415 MEDIUM

CVE-2024-31415

Vendor Eaton
Product Foreseer
Weakness CWE-312 · Cleartext storage
Published September 13, 2024
Last update August 26, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.

Key dates

02Disclosure timeline

September 13, 2024 CVE published
August 26, 2025 Record updated