CVE-2024-12142

Summary

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340 processors (part numbers BMXP34*)All versionsaffected
Schneider ElectricBMXNOE0100All versionsaffected
Schneider ElectricBMXNOE0110All Versionsaffected
Schneider ElectricBMXNOR0200HVersions prior to SV1.70IR26affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References