CVE-2024-5560

Published: Jun 12, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.

Affected (1)

Products: Schneider Electric: Sage Rtu Firmware

Schneider Electric

1 product

Sage Rtu Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Schneider Electric Sage Rtu Firmware	Before c3414-500-s02k5_p9

Running on/with	Platform Versions
Schneider Electric Sage 1410	All versions
Schneider Electric Sage 1430	All versions
Schneider Electric Sage 1450	All versions
Schneider Electric Sage 2400	All versions
Schneider Electric Sage 3030 Magnum	All versions
Schneider Electric Sage 4400	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.