Schneider-electric Sage Rtu Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Sage Rtu Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-37036 — CVSS 9.8 (critical): CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and…
CVE-2024-37037 — CVSS 8.1 (high): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an…
CVE-2024-37038 — CVSS 7.5 (high): CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web…
CVE-2024-37039 — CVSS 5.9 (medium): CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially…
CVE-2024-37040 — CVSS 5.4 (medium): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with…
CVE-2024-5560 — CVSS 5.3 (medium): CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends…