CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the
device’s web interface when an attacker sends a specially crafted HTTP request. |
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malform...Show more |
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the
device when an attacker sends a specially crafted HTTP request. |
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requ...Show more |
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact dev...Show more |
1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass
when sending a malformed POST request and particular configuration parameters are set. |