Sensitive Information Exposure in Schneider Electric Web Products
CVE-2024-12142

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Processors (part Numbers Bmxp34*); Bmxnoe0100; Bmxnoe0110; Bmxnor0200h
Vendor: CVE Published:; 17 January 2025

Summary

A vulnerability exists within Schneider Electric’s web products that allows unauthorized users to access sensitive information. This exposure could lead to information disclosure of restricted web pages, and potentially allow modifications to such pages. In certain scenarios, the vulnerability may also result in denial of service if restricted functions are improperly invoked. It is crucial for organizations using Schneider Electric's web products to assess their security measures and address any potential risks associated with this vulnerability.

Affected Version(s)

BMXNOE0100 All versions

BMXNOE0110 All Versions

BMXNOR0200H Versions prior to SV1.70IR26

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Dec 4, 2024