CVE-2024-37040

Published: Jun 12, 2024Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.

Affected (1)

Products: Schneider Electric: Sage Rtu Firmware

Schneider Electric

1 product

Sage Rtu Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Schneider Electric Sage Rtu Firmware	Before c3414-500-s02k5_p9

Running on/with	Platform Versions
Schneider Electric Sage 1410	All versions
Schneider Electric Sage 1430	All versions
Schneider Electric Sage 1450	All versions
Schneider Electric Sage 2400	All versions
Schneider Electric Sage 3030 Magnum	All versions
Schneider Electric Sage 4400	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.