CVE-2024-37036

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 71.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Sage RTU Firmware Schneider Electric Sage 1410 Schneider Electric Sage 1430 +4 more

Timeline

PublishedJun 12

Description

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDschneider-electric/sage_rtu_firmwarec3414-500-s02k5_p8

▶CVEListV5schneider_electric/sage_1410Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1430Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1450Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_2400Versions C3414-500-S02K5_P8 and prior

🔴Vulnerability Details

CVEList

CVE-2024-37036: CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular c↗2024-06-12

▶

GHSA

GHSA-q5cc-c5xp-qh6h: CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular c↗2024-06-12

▶