Vulnerability in Schneider Electric Sage 1410
CVE-2024-37038
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
EPSS: 0.004 (29.2th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Schneider Electric Sage 1410 — versions C3414-500-S02K5_P8 and prior
- Schneider Electric Sage 1430 — versions C3414-500-S02K5_P8 and prior
- Schneider Electric Sage 1450 — versions C3414-500-S02K5_P8 and prior
- Schneider Electric Sage 2400 — versions C3414-500-S02K5_P8 and prior
- Schneider Electric Sage 3030 Magnum — versions C3414-500-S02K5_P8 and prior
- Schneider Electric Sage 4400 — versions C3414-500-S02K5_P8 and prior
- Schneider-electric Sage_1410
- Schneider-electric Sage_1430
- Schneider-electric Sage_1450
- Schneider-electric Sage_2400
Weakness classification (CWE)
References
- cybersecurity@se.com (Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-37038?
  CVE-2024-37038 is a high-severity vulnerability in Schneider Electric Sage 1410, classified under Incorrect Default Permissions. CVSS score: 7.5/10. Published 2024-06-12.
- How severe is CVE-2024-37038?
  High severity. CVSS v3 base score is 7.5 out of 10.