Vulnerabilities > CVE-2024-6528 - Unspecified vulnerability in Schneider-Electric products

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

schneider-electric

NVD

Published: 2024-07-11

Updated: 2024-11-21

Summary

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M241 Firmware * Schneider Electric Modicon M251 Firmware * Schneider Electric Modicon M258 Firmware * Schneider Electric Modicon M262 Firmware * Schneider Electric Modicon Lmc058 Firmware *	5
Hardware	Schneider-Electric Schneider Electric Modicon M241 - Schneider Electric Modicon M251 - Schneider Electric Modicon M258 - Schneider Electric Modicon M262 - Schneider Electric Modicon Lmc058 -	5

Summary

Vulnerable Configurations

References