CVE-2024-37037

CWE-22 — Path Traversal3 documents3 sources

Severity

8.1HIGH

EPSS

1.2%

top 21.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Sage RTU Firmware Schneider Electric Sage 1410 Schneider Electric Sage 1430 +4 more

Timeline

PublishedJun 12

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages7 packages

▶NVDschneider-electric/sage_rtu_firmware< c3414-500-s02k5_p9

▶CVEListV5schneider_electric/sage_1410Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1430Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1450Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_2400Versions C3414-500-S02K5_P8 and prior

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-37037: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user wit↗2024-06-12

▶

GHSA

GHSA-hh55-gjrq-j457: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user wit↗2024-06-12

▶