CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

History

14 Aug 2024, 14:19

Type Values Removed Values Added
First Time Schneider-electric sage 4400
CPE cpe:2.3:h:schneider-electric:sage_4040:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

14 Aug 2024, 14:08

Type Values Removed Values Added
CPE cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4040:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Vendor Advisory
First Time Schneider-electric sage 1450
Schneider-electric sage 4040
Schneider-electric sage 3030 Magnum
Schneider-electric sage 2400
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1410
Schneider-electric
Schneider-electric sage 1430

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-787: Existe una vulnerabilidad de escritura fuera de los límites que podría provocar una omisión de autenticación al enviar una solicitud POST con formato incorrecto y se establecen parámetros de configuración particulares.

12 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 17:15

Updated : 2024-08-14 14:19


NVD link : CVE-2024-37036

Mitre link : CVE-2024-37036

CVE.ORG link : CVE-2024-37036


JSON object : View

Products Affected

schneider-electric

  • sage_3030_magnum
  • sage_rtu_firmware
  • sage_1450
  • sage_1430
  • sage_4400
  • sage_2400
  • sage_1410
CWE
CWE-787

Out-of-bounds Write