CRITICAL🇵🇱 Wersja polska

CVE-2024-37036

CVSS 9.8v3.1pub. 2024-06-12upd. 2024-11-21

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

🤖 AI Analysis
How it works

An attacker sends a specially crafted HTTP POST request with an incorrect structure to the device (malformed POST request). In combination with specific device configuration, this causes data to be written outside the intended memory area (out-of-bounds write), which leads to bypassing the authentication process. The vulnerability is accessible over the network without requiring any credentials.

Impact

A successful exploit allows an attacker to bypass authentication and gain unauthorized access to the device, which in industrial environments (OT/ICS) can lead to violations of confidentiality, integrity, and availability of controlled systems.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with the references — Schneider Electric security bulletin SEVD-2024-163-05 available at the address indicated in the references. Additionally, it is recommended to verify and restrict the configuration of vulnerable parameters and isolate RTU devices from external networks.

Who is affected

Schneider Electric Sage RTU Firmware and devices: Sage 1410, Sage 1430, Sage 1450, Sage 2400 — specific firmware versions indicated in the manufacturer's references (SEVD-2024-163-05)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Sage 1410

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 1430

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 1450

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 2400

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 3030 Magnum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage 4400

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Sage Rtu Firmware

    OS
    Schneider-Electric
    ≤ c3414-500-s02k5_p8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassMemory
CWE
References

Related vulnerabilities

CVE-2024-37038HIGH7.5ten sam produkt

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access...

CVE-2024-37037HIGH8.1ten sam produkt

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists th...

CVE-2024-5560MEDIUM5.3ten sam produkt

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interf...

CVE-2024-37039MEDIUM5.9ten sam produkt

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an ...

CVE-2024-37040MEDIUM5.4ten sam produkt

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that coul...