CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37038
https://notcve.org/view.php?id=CVE-2024-37038
12 Jun 2024 — CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. CWE-276: Existe una vulnerabilidad de permisos predeterminados incorrectos que podría permitir que un usuario autenticado con acceso a la interfaz web del dispositivo realice cargas de archivos y firmware no autorizadas al crear solicitudes web personalizadas. CWE-276: Incorrect Defaul... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6485
https://notcve.org/view.php?id=CVE-2015-6485
12 Mar 2016 — Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. Schneider Electric Telvent Sage 2300 RTUs con firmware anterior a C3413-500-S01 y LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400 y Sage 3030M RTUs con firmware anterior a C3414-500-S... • https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •