CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Sage 1410 | Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1430 | Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 1450 | Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 2400 | Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 3030 Magnum | Versions C3414-500-S02K5_P8 and prior |
| Schneider Electric | Sage 4400 | Versions C3414-500-S02K5_P8 and prior |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.