CVE-2024-12142 HIGH

CVE-2024-12142

Vendor Schneider Electric

Product Modicon M340 processors (part numbers BMXP34*)

Weakness CWE-200 · Info exposure

Published January 17, 2025

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked.

Key dates

02Disclosure timeline

January 17, 2025 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12142 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2024-12142

CWE CWE-200

CVSS 8.8 / HIGH

Affected versions

Vendor Schneider Electric

Product Modicon M340 processors (part numbers BMXP34*)

Affected All versions

Vendor Schneider Electric

Product BMXNOE0100

Affected All versions

Vendor Schneider Electric

Product BMXNOE0110

Affected All Versions

Vendor Schneider Electric

Product BMXNOR0200H

Affected Versions prior to SV1.70IR26

CVE-2024-12142

01Description

02Disclosure timeline

03References

04Related CVE