CVE-2024-37038 HIGH

CVE-2024-37038

Vendor Schneider Electric
Product Sage 1410
Weakness CWE-276
Published June 12, 2024
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

Key dates

02Disclosure timeline

June 12, 2024 CVE published
August 2, 2024 Record updated