CVE-2024-5560

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*
History

25 Jul 2024, 19:59

Type Values Removed Values Added
First Time Schneider-electric
Schneider-electric sage 4400
Schneider-electric sage 1410
Schneider-electric sage 2400
Schneider-electric sage 3030 Magnum
Schneider-electric sage 1450
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1430
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Patch, Vendor Advisory

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-125: Existe una vulnerabilidad de lectura fuera de los límites que podría causar denegación de servicio de la interfaz web del dispositivo cuando un atacante envía una solicitud HTTP especialmente manipulada.

12 Jun 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 17:15

Updated : 2024-07-25 19:59

NVD link : CVE-2024-5560

Mitre link : CVE-2024-5560

CVE.ORG link : CVE-2024-5560

JSON object : View

Products Affected

schneider-electric

  • sage_4400
  • sage_1430
  • sage_rtu_firmware
  • sage_3030_magnum
  • sage_2400
  • sage_1450
  • sage_1410
CWE
CWE-125

Out-of-bounds Read