VDB
CVE-2024-37036
CVE-2024-37036
PUBLISHED
CVSS 9.800000190734863 CRITICAL
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
EPSS 0.09% · 25.1th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.09%
25.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider_electric | sage_4400_firmware | 0, 0 |
| Schneider Electric | Sage 4400 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1410 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1430 | Versions C3414-500-S02K5_P8 and prior, * |
| Schneider Electric | Sage 1450 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 2400 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 3030 Magnum | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| schneider-electric | sage_rtu_firmware | 0, 0, 0 |
Timeline
- Jun 11, 2024 CVE Published
- Jun 13, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
- Jul 29, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 6, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 21, 2024 EPSS Score
- Nov 21, 2024 CVE Updated
- Dec 14, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-37036 advisory