SchneiderVULNRICHMENT:CVE-2024-5056CVE-2024-5056
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may
prevent user to update the device firmware and prevent proper behavior of the webserver when
specific files or directories are removed from the filesystem.
CNA Affected
[
{
"vendor": "Schneider Electric",
"product": "Modicon M340",
"versions": [
{
"status": "affected",
"version": "All versions"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Schneider Electric",
"product": "Network module, Modicon M340, Modbus/TCP BMXNOE0100",
"versions": [
{
"status": "affected",
"version": "All versions"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Schneider Electric",
"product": "Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
],
"defaultStatus": "unaffected"
}
]Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%