HIGH🇵🇱 Wersja polska

CVE-2024-37038

CVSS 7.5v3.1pub. 2024-06-12upd. 2024-11-21

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Sage 1410

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 1430

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 1450

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 2400

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 3030 Magnum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 4400

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage Rtu Firmware

    OS
    Schneider-Electric
    < c3414-500-s02k5_p9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-37036CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write umożliwiający Auth Bypass w Schneider Electric Sage RTU

CVE-2024-37037HIGH8.1ten sam produkt

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists th...

CVE-2024-37039MEDIUM5.9ten sam produkt

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an ...

CVE-2024-37040MEDIUM5.4ten sam produkt

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that coul...

CVE-2024-5560MEDIUM5.3ten sam produkt

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interf...