Vulnerabilities > CVE-2024-5056 - Files or Directories Accessible to External Parties vulnerability in Schneider-Electric products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

schneider-electric

CWE-552

NVD

Published: 2024-06-12

Updated: 2024-08-23

Summary

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M340 Firmware * Schneider Electric Bmxnoe0100 Firmware * Schneider Electric Bmxnoe0110 Firmware *	3
Hardware	Schneider-Electric Schneider Electric Modicon M340 * Schneider Electric Bmxnoe0100 * Schneider Electric Bmxnoe0110 *	3

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf