CVE-2024-37038
published 2024-06-12CVE-2024-37038: CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated
user with access to the device’s web interface to perform unauthorized file and firmware
uploads when crafting custom web requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | sage_rtu_firmware | < c3414-500-s02k5_p9 | c3414-500-s02k5_p9 |
| schneider_electric | sage_1410 | — | — |
| schneider_electric | sage_1430 | — | — |
| schneider_electric | sage_1450 | — | — |
| schneider_electric | sage_2400 | — | — |
| schneider_electric | sage_3030_magnum | — | — |
| schneider_electric | sage_4400 | — | — |