Lucene search

SchneiderCVELIST:CVE-2024-5560

HistoryJun 12, 2024 - 4:45 p.m.

CVE-2024-5560

2024-06-1216:45:56

CWE-125

schneider

www.cve.org

cve-2024-5560

cwe-125

web interface

http request

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the
device’s web interface when an attacker sends a specially crafted HTTP request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1410",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1430",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 1450",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 2400",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 3030 Magnum",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Sage 4400",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions C3414-500-S02K5_P8 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-5560