CVE-2024-5056

Published: Jun 12, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

Affected (3)

Products: Schneider Electric: Modicon M340 Firmware, Bmxnoe0100 Firmware, Bmxnoe0110 Firmware

Schneider Electric

3 products

Modicon M340 Firmware

Bmxnoe0100 Firmware

Bmxnoe0110 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmxnoe0100 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmxnoe0100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmxnoe0110 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmxnoe0110	All versions

Related CWEs

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.