CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

History

25 Jul 2024, 20:25

Type Values Removed Values Added
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Patch, Vendor Advisory
First Time Schneider-electric sage 1410
Schneider-electric sage 3030 Magnum
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1430
Schneider-electric sage 2400
Schneider-electric sage 4400
Schneider-electric
Schneider-electric sage 1450
CPE cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-22: Existe una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría permitir que un usuario autenticado con acceso a la interfaz web del dispositivo corrompa archivos y afecte la funcionalidad del dispositivo al enviar una solicitud HTTP manipulada.

12 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 17:15

Updated : 2024-07-25 20:25


NVD link : CVE-2024-37037

Mitre link : CVE-2024-37037

CVE.ORG link : CVE-2024-37037


JSON object : View

Products Affected

schneider-electric

  • sage_3030_magnum
  • sage_rtu_firmware
  • sage_1450
  • sage_1430
  • sage_4400
  • sage_2400
  • sage_1410
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')