CVE-2024-37040

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

History

25 Jul 2024, 20:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 8.1
CPE cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
First Time Schneider-electric
Schneider-electric sage 4400
Schneider-electric sage 1410
Schneider-electric sage 2400
Schneider-electric sage 3030 Magnum
Schneider-electric sage 1450
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1430
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Patch, Vendor Advisory

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-120: Existe una vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('desbordamiento de búfer clásico') que podría permitir que un usuario con acceso a la interfaz web del dispositivo cause una falla en el dispositivo al enviar una solicitud HTTP con formato incorrecto.

12 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 17:15

Updated : 2024-07-25 20:17


NVD link : CVE-2024-37040

Mitre link : CVE-2024-37040

CVE.ORG link : CVE-2024-37040


JSON object : View

Products Affected

schneider-electric

  • sage_4400
  • sage_1430
  • sage_rtu_firmware
  • sage_3030_magnum
  • sage_2400
  • sage_1450
  • sage_1410
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')