Schneider Electric Sage 3030 Magnum vulnerabilities

6 known vulnerabilities affecting schneider_electric/sage_3030_magnum.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5

Vulnerabilities

Page 1 of 1
CVE-2024-37036CRITICALCVSS 9.8vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-37036 [CRITICAL] CWE-787 CVE-2024-37036: CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
cvelistv5nvd
CVE-2024-37038HIGHCVSS 8.8vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-37038 [HIGH] CWE-276 CVE-2024-37038: CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user w CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
cvelistv5nvd
CVE-2024-5560HIGHCVSS 7.5vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-5560 [HIGH] CWE-125 CVE-2024-5560: CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.
cvelistv5nvd
CVE-2024-37040HIGHCVSS 8.1vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-37040 [HIGH] CWE-120 CVE-2024-37040: CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
cvelistv5nvd
CVE-2024-37037HIGHCVSS 8.1vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-37037 [HIGH] CWE-22 CVE-2024-37037: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
cvelistv5nvd
CVE-2024-37039HIGHCVSS 7.5vVersions C3414-500-S02K5_P8 and prior2024-06-12
CVE-2024-37039 [HIGH] CWE-252 CVE-2024-37039: CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the devic CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
cvelistv5nvd