Filtered by vendor Schneider-electric Subscriptions
Filtered by product Sage 3030 Magnum Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37036 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-14 9.8 Critical
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
CVE-2015-3963 2 Schneider-electric, Windriver 14 Sage 1210, Sage 1230, Sage 1250 and 11 more 2024-08-06 N/A
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
CVE-2024-37040 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-02 5.4 Medium
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
CVE-2024-37037 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-02 8.1 High
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
CVE-2024-37039 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-02 5.9 Medium
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
CVE-2024-37038 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-02 7.5 High
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
CVE-2024-5560 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-08-01 5.3 Medium
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.