Main Vulnerability Database Vulnerabilities #VU103694

#VU103694 Information disclosure in Schneider Electric products - CVE-2024-12142

Published: February 7, 2025

Vulnerability identifier: #VU103694

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-12142

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Modicon M340
BMXNOE0100
BMXNOE0110
BMXNOR0200H

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system, leading to modification of web page and denial of service (DoS) condition.

Remediation

Install updates from vendor's website.

External links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-05.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-06

#VU103694 Information disclosure in Schneider Electric products - CVE-2024-12142

Description

Remediation

External links

Please verify you're human