CVE-2024-37040

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.1HIGH

EPSS

0.2%

top 56.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Sage RTU Firmware Schneider Electric Sage 1410 Schneider Electric Sage 1430 +4 more

Timeline

PublishedJun 12

Description

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages7 packages

▶NVDschneider-electric/sage_rtu_firmware< c3414-500-s02k5_p9

▶CVEListV5schneider_electric/sage_1410Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1430Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_1450Versions C3414-500-S02K5_P8 and prior

▶CVEListV5schneider_electric/sage_2400Versions C3414-500-S02K5_P8 and prior

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-4rrj-v9hp-2x5j: CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device↗2024-06-12

▶

CVEList

CVE-2024-37040: CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device↗2024-06-12

▶