CVERadar

CVE-2024-37037

Medium Severity
SVRS
30/100

CVSSv3
8.1/10

EPSS
0.00635/1

CVE-2024-37037 is a Path Traversal vulnerability that could lead to file corruption. It allows an authenticated user to send a crafted HTTP request through the web interface and reach directories that should be restricted. While the CVSS score of 8.1 indicates high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower level of immediate threat than vulnerabilities scoring above 80. Even with a low SVRS, successful exploitation can still impact device functionality. Organizations should prioritize patching CVE-2024-37037 according to their specific environment and risk tolerance. This CWE-22 vulnerability highlights the importance of proper input validation and secure coding practices in web applications. Regular security audits are crucial to identify and mitigate such threats.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2024-06-12

2024-07-25
SOCRadar AI Insight

Description

CVE-2024-37037 is a Path Traversal vulnerability that allows an authenticated user with access to the device's web interface to corrupt files and impact device functionality by sending a crafted HTTP request. The SVRS for this CVE is 38, indicating a moderate risk level.

Key Insights

  • Exploitation requires only an authenticated user with access to the web interface, so any attacker holding valid credentials for the device can attempt it.
  • The vulnerability can be used to corrupt files and impact device functionality, potentially leading to data loss or system downtime.
  • The vulnerability is not currently being actively exploited, but it is important to patch as soon as possible to prevent potential attacks.

Mitigation Strategies

  • Apply the latest security patches from the vendor.
  • Restrict access to the device's web interface to only authorized users.
  • Validate and canonicalize user-supplied path input so that crafted HTTP requests cannot reach files outside the intended directory.
  • Monitor the device for suspicious activity and take appropriate action if necessary.

Additional Information

  • Threat Actors/APT Groups: None identified
  • Exploit Status: No active exploits published
  • CISA Warnings: None issued
  • In the Wild: No known exploitation


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Schneider Electric Sage Series
CISA, 2025-04-17
Schneider Electric Sage Series | View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment
CVE-2024-37037 | Schneider Electric Sage 4400 up to C3414-500-S02K5_P8 HTTP Request path traversal (SEVD-2024-163-05)
vuldb.com, 2024-06-12
CVE-2024-37037 | Schneider Electric Sage 4400 up to C3414-500-S02K5_P8 HTTP Request path traversal (SEVD-2024-163-05) | A vulnerability was found in Schneider Electric Sage 1410, Sage 1430, Sage 1450, Sage 2400, Sage 3030 Magnum and Sage 4400 up to C3414-500-S02K5_P8. It has been rated as critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to path traversal

Social Media

[CVE-2024-37037: HIGH] Vulnerability alert: CWE-22 Path Traversal weakness in device's web interface allows users to manipulate files and disrupt device operations.#cybersecurity,#vulnerability https://t.co/AjUWaCjUSL
CVE-2024-37037 CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the … https://t.co/4nSWWOuJbx

Affected Software

No affected software found for this CVE

References

Reference: Schneider Electric security notice SEVD-2024-163-05
Link: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf

CWE Details

CWE ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
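To make the CWE-22 weakness above and the mitigation strategies listed earlier (input validation, monitoring for suspicious requests) concrete, here is an added example. It is not code from CVE Radar, SOCRadar or Schneider Electric and says nothing about how the Sage firmware handles requests: it shows the generic unsafe path join that CWE-22 describes beside a hardened resolver that canonicalizes the requested path and verifies containment, plus a small access-log check that flags traversal segments. The web root `/srv/webroot`, the function names and the sample log lines are constructed for illustration.

```python
"""Added CWE-22 example (not the page's or the vendor's code): an unsafe
path join beside a hardened resolver, plus an access-log traversal check.
The web root, function names and log lines below are constructed."""
import os
import re
from pathlib import Path
from urllib.parse import unquote


def unsafe_resolve(root: str, requested: str) -> str:
    """CWE-22 pattern: user input is joined onto the base directory with no
    containment check, so '../' segments (or an absolute path) escape root."""
    return os.path.normpath(os.path.join(root, requested))


def safe_resolve(root: str, requested: str) -> Path:
    """Hardened form: percent-decode, reject null bytes, always treat the
    request as relative to root, canonicalize (symlinks included), and only
    then confirm the result still lies inside root."""
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise ValueError("null byte in requested path")
    base = Path(root).resolve()
    candidate = (base / decoded.lstrip("/\\")).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


def is_contained(root: str, requested: str) -> bool:
    """Convenience wrapper: True when the request would be served."""
    try:
        safe_resolve(root, requested)
        return True
    except (PermissionError, ValueError):
        return False


# Common-log-format request line, e.g. "GET /pages/x HTTP/1.1"
_REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/')
# A '..' that forms a whole path segment (not a file literally named '..foo')
_TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def has_traversal(url_path: str) -> bool:
    """True if the path contains a '..' segment after up to two rounds of
    percent-decoding, which catches '%2e%2e' and double-encoded '%252e%252e'."""
    decoded = url_path.split("?", 1)[0]
    for _ in range(2):
        decoded = unquote(decoded)
    return _TRAVERSAL.search(decoded.replace("\\", "/")) is not None


def suspicious_requests(log_lines):
    """Return the log lines whose request path carries traversal segments."""
    return [
        line for line in log_lines
        if (m := _REQUEST.search(line)) and has_traversal(m.group(1))
    ]


# Constructed sample access-log lines (not real device logs).
SAMPLE_LOG = [
    '10.0.0.5 - user1 [12/Jun/2024:10:00:01 +0000] "GET /pages/index.html HTTP/1.1" 200',
    '10.0.0.9 - user2 [12/Jun/2024:10:00:07 +0000] "GET /pages/../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - user2 [12/Jun/2024:10:00:09 +0000] "GET /pages/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200',
    '10.0.0.5 - user1 [12/Jun/2024:10:00:12 +0000] "GET /pages/..hidden/notes.txt HTTP/1.1" 404',
]

if __name__ == "__main__":
    root = "/srv/webroot"  # assumed web root for the demonstration
    print("unsafe join yields:", unsafe_resolve(root, "../../etc/passwd"))
    print("safe resolve yields:", safe_resolve(root, "pages/index.html"))
    for req in ("../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "index.html%00.jpg"):
        print(f"{req!r} served: {is_contained(root, req)}")
    for line in suspicious_requests(SAMPLE_LOG):
        print("flagged:", line)
```

The containment test compares canonical paths rather than string prefixes, so a root of `/srv/webroot` does not accidentally accept `/srv/webroot-old/...`, and a symlink inside the root that points outside it is rejected as well. The log check is deliberately loose (it decodes twice and ignores query strings) because its purpose is triage, not enforcement: the resolver is the control, the log scan is the detection that tells you whether anyone is probing for it.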
