CVE-2024-37040

🗓️ 12 Jun 2024 16:56:06Reported by schneiderType

Buffer overflow vulnerability in device web interfac

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the web interface of microprogramming software for devices that control lighting and energy consumption of Schneider Electric Sage systems allows a perpetrator to trigger a service failure.	20 Jun 202400:00	–	bdu_fstec
Circl	CVE-2024-37040	17 Apr 202510:00	–	circl
CNNVD	Schneider Electric SAGE RTUs Security Vulnerability	12 Jun 202400:00	–	cnnvd
CVE	CVE-2024-37040	12 Jun 202416:56	–	cve
EUVD	EUVD-2024-36407	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Schneider Electric Sage RTU systems	11 Jun 202411:33	–	ncsc
NVD	CVE-2024-37040	12 Jun 202417:15	–	nvd
OSV	CVE-2024-37040	12 Jun 202417:15	–	osv
Positive Technologies	PT-2024-4204 · Schneider Electric · Schneider Electric Sage	11 Jun 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-37040	12 Jun 202416:56	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1410",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1430",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1450",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 2400",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 3030 Magnum",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 4400",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

12 Jun 2024 16:56Current

CVSS 3.15.4

EPSS0.00235

CWE-120