CVE-2024-37036

Description

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Schneider Electric / Sage 1410Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1430Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 1450Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 2400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 3030 MagnumVersions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior
Schneider Electric / Sage 4400Versions C3414-500-S02K5_P8 and prior – Versions C3414-500-S02K5_P8 and prior

References

MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf