CVE-2024-12142

CVE-2024-12142

CVSS 8.8 HIGHEPSS 0.3%CWE-200

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Productos afectados

Schneider Electric · BMXNOE0100 Schneider Electric · BMXNOE0110 Schneider Electric · BMXNOR0200H Schneider Electric · Modicon M340 processors (part numbers BMXP34*)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-05.pdf