CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*

History

25 Jul 2024, 19:59

Type Values Removed Values Added
CPE cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*
References () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf - Patch, Vendor Advisory
First Time Schneider-electric sage 1410
Schneider-electric sage 3030 Magnum
Schneider-electric sage Rtu Firmware
Schneider-electric sage 1430
Schneider-electric sage 2400
Schneider-electric sage 4400
Schneider-electric
Schneider-electric sage 1450
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) CWE-125: Existe una vulnerabilidad de lectura fuera de los límites que podría causar denegación de servicio de la interfaz web del dispositivo cuando un atacante envía una solicitud HTTP especialmente manipulada.

12 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 17:15

Updated : 2024-07-25 19:59


NVD link : CVE-2024-5560

Mitre link : CVE-2024-5560

CVE.ORG link : CVE-2024-5560


JSON object : View

Products Affected

schneider-electric

  • sage_3030_magnum
  • sage_rtu_firmware
  • sage_1450
  • sage_1430
  • sage_4400
  • sage_2400
  • sage_1410
CWE
CWE-125

Out-of-bounds Read