CVE-2024-12142 |
Description:
1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of a web page, and a denial of service when specific web pages are modified and restricted functions invoked.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric products, Modicon M340 and BMXNOE0100/0110, BMXNOR0200H, are affected:
Modicon M340 processors (part numbers BMXP34*): All versions
BMXNOE0100: All versions
BMXNOE0110: All versions
BMXNOR0200H: Versions prior to SV1.70IR26
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
The affected products are vulnerable to an exposure of sensitive information to an unauthorized actor, which could cause information disclosure of a restricted web page, modification of a web page, and a denial of service when specific web pages are modified and restricted functions invoked.
CVE-2024-12142 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
COUNTRIES/ARE...
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-45195 |
Description: Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.
EPSS Score: 75.58%
February 4th, 2025 (5 months ago)
|
CVE-2024-29059 |
Description: Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
February 4th, 2025 (5 months ago)
|
CVE-2018-9276 |
Description: Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.
February 4th, 2025 (5 months ago)
|
CVE-2018-19410 |
Description: Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).
February 4th, 2025 (5 months ago)
|
Description: As the gateways to corporate networks, VPNs are an attractive target for attackers. Learn from Specops Software about how hackers use compromised VPN passwords and how you can protect your organization. [...]
February 4th, 2025 (5 months ago)
|
Description: A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020. [...]
February 4th, 2025 (5 months ago)
|
Description: Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.
February 4th, 2025 (5 months ago)
|
Description: A 404 Media reader made a PDF version of the World War II-era manual that's going viral right now.
February 4th, 2025 (5 months ago)
|