ГлавнаяУязвимости → CVE-2024-37038
7.5высокая

CVE-2024-37038

Описание

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

Затрагиваемое ПО
Schneider-electric Sage rtu firmwareSchneider-electric Sage 1410Schneider-electric Sage 1430Schneider-electric Sage 1450Schneider-electric Sage 2400Schneider-electric Sage 3030 magnumSchneider-electric Sage 4400
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdfhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf