CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated
user with access to the device’s web interface to perform unauthorized file and firmware
uploads when crafting custom web requests.
References
| Link | Resource |
|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
25 Jul 2024, 20:25
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1450 Schneider-electric sage 1430 Schneider-electric sage 3030 Magnum Schneider-electric sage 1410 Schneider-electric sage 4400 Schneider-electric sage 2400 Schneider-electric |
|
| References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Patch, Vendor Advisory | |
| CPE | cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:* |
|
| CWE | CWE-276 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
12 Jun 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-06-12 17:15
Updated : 2024-07-25 20:25
NVD link : CVE-2024-37038
Mitre link : CVE-2024-37038
JSON object : View
Products Affected
schneider-electric
- sage_2400
- sage_4400
- sage_1450
- sage_3030_magnum
- sage_1430
- sage_1410
- sage_rtu_firmware
CWE
CWE-276
Incorrect Default Permissions