Vulnerabilites related to Schneider Electric - Network module, Modicon M340, Modbus/TCP BMXNOE0100
CVE-2024-5056 (GCVE-0-2024-5056)
Vulnerability from cvelistv5
Published
2024-06-12 12:10
Modified
2024-08-01 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Summary
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may
prevent user to update the device firmware and prevent proper behavior of the webserver when
specific files or directories are removed from the filesystem.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Schneider Electric | Modicon M340 |
Version: All versions |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicom_m340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:14:02.243238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T14:17:06.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Modbus/TCP BMXNOE0100",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem.\n\n"
}
],
"value": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:10:43.250Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-5056",
"datePublished": "2024-06-12T12:10:43.250Z",
"dateReserved": "2024-05-17T10:06:08.565Z",
"dateUpdated": "2024-08-01T21:03:10.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}