CVE-2024-37040 - Vulnerability Details - OpenCVE

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability
exists that could allow a user with access to the device’s web interface to cause a fault on the
device when sending a malformed HTTP request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00214.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Sage 1410 Sage 1430 Sage 1450 Sage 2400 Sage 3030 Magnum Sage 4400 Sage Rtu Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:sage_1410:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1430:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1450:-:::::::*
	cpe:2.3:h:schneider-electric:sage_2400:-:::::::*
	cpe:2.3:h:schneider-electric:sage_3030_magnum:-:::::::*
	cpe:2.3:h:schneider-electric:sage_4400:-:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36407	CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2024-06-12T16:56:06.117Z

Updated: 2024-08-02T03:43:50.968Z

Reserved: 2024-05-31T06:52:05.762Z

Link: CVE-2024-37040

Vulnrichment

Updated: 2024-08-02T03:43:50.968Z

NVD

Status : Modified

Published: 2024-06-12T17:15:51.540

Modified: 2024-11-21T09:23:06.170

Link: CVE-2024-37040

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37040", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2024-05-31T06:52:05.762Z", "datePublished": "2024-06-12T16:56:06.117Z", "dateUpdated": "2024-08-02T03:43:50.968Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sage 1410", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}, {"defaultStatus": "unaffected", "product": "Sage 1430", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}, {"defaultStatus": "unaffected", "product": "Sage 1450", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}, {"defaultStatus": "unaffected", "product": "Sage 2400", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}, {"defaultStatus": "unaffected", "product": "Sage 3030 Magnum", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}, {"defaultStatus": "unaffected", "product": "Sage 4400", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\nCWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request.\n\n\n\n\n\n\n\n\n\n\n\n"}], "value": "CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-12T16:56:06.117Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "schneider-electric", "product": "sage_4400", "cpes": ["cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "c3414-500-s02k5_p8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T18:27:09.666436Z", "id": "CVE-2024-37040", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:34:05.093Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.968Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.968Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T18:27:09.666436Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*", "cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*"], "vendor": "schneider-electric", "product": "sage_4400", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "c3414-500-s02k5_p8"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T18:27:00.749Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Sage 1410", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Sage 1430", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Sage 1450", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Sage 2400", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Sage 3030 Magnum", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Sage 4400", "versions": [{"status": "affected", "version": "Versions C3414-500-S02K5_P8 and prior"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request.", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\nCWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request.\n\n\n\n\n\n\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2024-06-12T16:56:06.117Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37040", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:43:50.968Z", "dateReserved": "2024-05-31T06:52:05.762Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2024-06-12T16:56:06.117Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4DDD3DD-576C-404E-A132-D1357936A610", "versionEndExcluding": "c3414-500-s02k5_p9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*", "matchCriteriaId": "02E606BD-92F8-4396-AD13-666D76E1E34D", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*", "matchCriteriaId": "97E29CCC-4E21-411E-80DD-545A66E9B042", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*", "matchCriteriaId": "66759867-027F-4FA6-ABA6-BFDEE49E8F8D", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA561E2A-4787-48D7-ABBB-26D0D7D24E6F", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*", "matchCriteriaId": "453696F2-0F4C-4000-A438-F814D0FC3504", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*", "matchCriteriaId": "6462B366-8F9F-49D6-939A-E73C1D5A707C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request."}, {"lang": "es", "value": "CWE-120: Existe una vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') que podr\u00eda permitir que un usuario con acceso a la interfaz web del dispositivo cause una falla en el dispositivo al enviar una solicitud HTTP con formato incorrecto."}], "id": "CVE-2024-37040", "lastModified": "2024-11-21T09:23:06.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-12T17:15:51.540", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}