CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37040
https://notcve.org/view.php?id=CVE-2024-37040
12 Jun 2024 — CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. CWE-120: Existe una vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('desbordamiento de búfer clásico') que podría permitir que un usuario con acceso a la interfaz web del dispositivo cause una falla en el dispositivo al enviar una solicitud HTTP con f... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37039
https://notcve.org/view.php?id=CVE-2024-37039
12 Jun 2024 — CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. CWE-252: Existe una vulnerabilidad de valor de retorno no verificado que podría causar denegación de servicio del dispositivo cuando un atacante envía una solicitud HTTP especialmente manipulada. CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-252: Unchecked Return Value •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37037
https://notcve.org/view.php?id=CVE-2024-37037
12 Jun 2024 — CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. CWE-22: Existe una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría permitir que un usuario autenticado con acceso a la interfaz web del dispositivo corrompa archivos ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37036
https://notcve.org/view.php?id=CVE-2024-37036
12 Jun 2024 — CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. CWE-787: Existe una vulnerabilidad de escritura fuera de los límites que podría provocar una omisión de autenticación al enviar una solicitud POST con formato incorrecto y se establecen parámetros de configuración particulares. CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5560
https://notcve.org/view.php?id=CVE-2024-5560
12 Jun 2024 — CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. CWE-125: Existe una vulnerabilidad de lectura fuera de los límites que podría causar denegación de servicio de la interfaz web del dispositivo cuando un atacante envía una solicitud HTTP especialmente manipulada. CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attack... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 3%CPEs: 21EXPL: 0CVE-2015-3963
https://notcve.org/view.php?id=CVE-2015-3963
04 Aug 2015 — Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. Vulnerabilidad en Wind River VxWorks en versiones anteriores a 5.5.1, 6.5.x hasta la versión 6.7.x en versiones anteriores a... • http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6143
https://notcve.org/view.php?id=CVE-2013-6143
31 Jan 2014 — The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. El Schneider Electric Telvent SAGE 3030 RTU con filmware C3413-500-001D3_P4 y C3413-500-001F0_PB permite a atacantes remotos causar una denegación de servicio (interrupción temporal y consumo de CPU) a través de tráfico DNP3 malformado. • http://ics-cert.us-cert.gov/advisories/ICSA-14-006-01 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •