CVE-2024-37039

Description

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Schneider Electric / Sage 1410Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1430Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1450Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 2400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 3030 MagnumVersions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 4400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior

References

MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf