File Accessibility Issue in Schneider Electric Products
CVE-2024-5056

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M340 Firmware
Vendor: CVE Published:; 12 June 2024

Summary

A vulnerability exists in various Schneider Electric products that allows external parties to access files or directories, potentially hindering users from updating device firmware. This issue arises when specific files or directories are removed from the filesystem, leading to problematic webserver behavior and user experience. Addressing this vulnerability is crucial for maintaining the integrity and functionality of the affected systems.

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2024