admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-370xx/CVE-2024-37038.json
cad-safe-bot 355b139696 Auto-Update: 2024-07-25T22:00:17.296729+00:00
2024-07-25 22:03:13 +00:00

149 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-37038",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2024-06-12T17:15:51.080",
"lastModified": "2024-07-25T20:25:10.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated\nuser with access to the device\u2019s web interface to perform unauthorized file and firmware\nuploads when crafting custom web requests."
},
{
"lang": "es",
"value": "CWE-276: Existe una vulnerabilidad de permisos predeterminados incorrectos que podr\u00eda permitir que un usuario autenticado con acceso a la interfaz web del dispositivo realice cargas de archivos y firmware no autorizadas al crear solicitudes web personalizadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:sage_rtu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "c3414-500-s02k5_p9",
"matchCriteriaId": "D4DDD3DD-576C-404E-A132-D1357936A610"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02E606BD-92F8-4396-AD13-666D76E1E34D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E29CCC-4E21-411E-80DD-545A66E9B042"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66759867-027F-4FA6-ABA6-BFDEE49E8F8D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA561E2A-4787-48D7-ABBB-26D0D7D24E6F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*",
"matchCriteriaId": "453696F2-0F4C-4000-A438-F814D0FC3504"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:sage_4400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6462B366-8F9F-49D6-939A-E73C1D5A707C"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink