ID

VAR-202406-0502


CVE

CVE-2024-5056


TITLE

Vulnerabilities related to externally accessible files or directories in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2024-006466

DESCRIPTION

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists that may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric Modicon M340 firmware, BMXNOE0100 firmware and BMXNOE0110 firmware contain vulnerabilities related to externally accessible files or directories. Information may be tampered with and service operation may be interrupted (DoS). Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company.

Trust: 2.16

sources: NVD: CVE-2024-5056 // JVNDB: JVNDB-2024-006466 // CNVD: CNVD-2024-29560

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-29560

AFFECTED PRODUCTS

vendor: schneider electric, model: bmxnoe0110, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: bmxnoe0100, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxnoe0100, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxnoe0110, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-29560 // JVNDB: JVNDB-2024-006466 // NVD: CVE-2024-5056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-5056
value: MEDIUM

Trust: 1.0

cybersecurity@se.com: CVE-2024-5056
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-5056
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-29560
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-29560
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-5056
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: CVE-2024-5056
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-29560 // JVNDB: JVNDB-2024-006466 // NVD: CVE-2024-5056 // NVD: CVE-2024-5056

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.0

problemtype:Externally accessible file or directory (CWE-552) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-006466 // NVD: CVE-2024-5056

PATCH

title: Patch for Schneider Electric Modicon M340 Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/563691

Trust: 0.6

sources: CNVD: CNVD-2024-29560

EXTERNAL IDS

db: NVD, id: CVE-2024-5056

Trust: 3.2

db: SCHNEIDER, id: SEVD-2024-163-01

Trust: 2.4

db: JVNDB, id: JVNDB-2024-006466

Trust: 0.8

db: CNVD, id: CNVD-2024-29560

Trust: 0.6

sources: CNVD: CNVD-2024-29560 // JVNDB: JVNDB-2024-006466 // NVD: CVE-2024-5056

REFERENCES

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-163-01&p_endoctype=security+and+safety+notice&p_file_name=sevd-2024-163-01.pdf

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-5056

Trust: 0.8

sources: CNVD: CNVD-2024-29560 // JVNDB: JVNDB-2024-006466 // NVD: CVE-2024-5056

SOURCES

db: CNVD, id: CNVD-2024-29560
db: JVNDB, id: JVNDB-2024-006466
db: NVD, id: CVE-2024-5056

LAST UPDATE DATE

2024-08-27T23:03:27.425000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-29560, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-006466, date: 2024-08-26T04:43:00
db: NVD, id: CVE-2024-5056, date: 2024-08-23T16:04:14.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-29560, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-006466, date: 2024-08-26T00:00:00
db: NVD, id: CVE-2024-5056, date: 2024-06-12T12:15:10.233