CVE-2024-5056

EPSS 0.13%
Published 12.06.2024 12:15:10
Last modified 21.11.2024 09:46:52
Source cybersecurity@se.com
Teams watchlist Login
Open Login

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may
prevent user to update the device firmware and prevent proper behavior of the webserver when
specific files or directories are removed from the filesystem.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon M340 Firmware

Schneider-electric ≫ Modicon M340

Schneider-electric ≫ Bmxnoe0100 Firmware

Schneider-electric ≫ Bmxnoe0100

Schneider-electric ≫ Bmxnoe0110 Firmware

Schneider-electric ≫ Bmxnoe0110

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.335

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
cybersecurity@se.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5056

EUVD