ByteOS Network

sage_3030m

Source -

ADPNVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-37038

Assigner-Schneider Electric

View Details

Assigner-Schneider Electric

CVSS Score-7.5||HIGH

EPSS-0.21% / 44.04%

7 Day CHG~0.00%

Published-12 Jun, 2024 | 16:51

Updated-02 Aug, 2024 | 03:43

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

Product-sage_4400 sage_1410 sage_3030_magnum sage_2400 sage_rtu_firmware sage_1450 sage_1430 Sage 4400 Sage 1450 Sage 1410 Sage 3030 Magnum Sage 1430 Sage 2400 sage_4400 sage_1410 sage_2400 sage_1450 sage_3030m sage_1430

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2015-6485

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-5.3||MEDIUM

EPSS-0.42% / 60.91%

7 Day CHG~0.00%

Published-12 Mar, 2016 | 02:00

Updated-12 Apr, 2025 | 10:46

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.

Vendor-n/a Schneider Electric SE

Product-sage_landac_ii-2 sage_1410 sage_3030m sage_2300 sage_1450 sage_2400 sage_1430 telvent_rtu_firmware n/a

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor