CVE-2024-5560

Description

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Schneider Electric / Sage 1410Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1430Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1450Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 2400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 3030 MagnumVersions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 4400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior

References

MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf