CVE-2024-5056 MEDIUM

CVE-2024-5056

Vendor Schneider Electric
Product Modicon M340
Weakness CWE-552 · Files accessible externally
Published June 12, 2024
Last update August 1, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

Key dates

02Disclosure timeline

June 12, 2024 CVE published
August 1, 2024 Record updated