VDB
CVE-2024-37037
CVE-2024-37037
PUBLISHED
CVSS 8.100000381469727 HIGH
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
EPSS 0.94% · 76.6th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
0.94%
76.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | sage_4400 | 0, 0 |
| Schneider Electric | Sage 1450 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| schneider-electric | sage_rtu_firmware | 0, 0, 0 |
| Schneider Electric | Sage 3030 Magnum | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1430 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1410 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 4400 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 2400 | Versions C3414-500-S02K5_P8 and prior, Versions C3414-500-S02K5_P8 and prior |
Timeline
- Jun 11, 2024 CVE Published
- Jun 13, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
- Jul 29, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 6, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 21, 2024 EPSS Score
- Nov 21, 2024 CVE Updated
- Dec 14, 2024 EPSS Score
- Jan 29, 2025 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-37037 advisory