CVE-2024-5056

Summary

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M340All versionsaffected
Schneider ElectricNetwork module, Modicon M340, Modbus/TCP BMXNOE0100All versionsaffected
Schneider ElectricNetwork module, Modicon M340, Ethernet TCP/IP BMXNOE0110All Versionsaffected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References