CPE-107CCFC1-BC78-4F6E-B0B4-4A362E4BEBB9 Détail

CPE Details

Schneider Electric Sage 2400

Vendor

schneider-electric

Product

sage_2400

Version

Created

2018-09-24
13h49 +00:00

Modifié

2018-09-24
13h49 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:h:schneider-electric:sage_2400:-:::::::*

Informations

Vendor

schneider-electric

Product

sage_2400

Version

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2024-37040	2024-06-12 16h56 +00:00	CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.	8.1	Haute
CVE-2024-37039	2024-06-12 16h54 +00:00	CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.	7.5	Haute
CVE-2024-37038	2024-06-12 16h51 +00:00	CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.	8.8	Haute
CVE-2024-37037	2024-06-12 16h50 +00:00	CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.	8.1	Haute
CVE-2024-37036	2024-06-12 16h48 +00:00	CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.	9.8	Critique
CVE-2024-5560	2024-06-12 16h45 +00:00	CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.	7.5	Haute
CVE-2015-6485	2016-03-12 01h00 +00:00	Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.	5.3	Moyen
CVE-2015-3963	2015-08-03 23h00 +00:00	Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.	5.8

Schneider Electric Sage 2400

CPE Details

CPE Name: cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:h:schneider-electric:sage_2400:-:::::::*