CVE-2024-37036 Schneider Electric CVE debrief

Who should care

Operators and asset owners running Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, or 4400 devices, plus OT/ICS teams responsible for patching and access control in industrial environments.

Technical summary

The advisory describes a CWE-787 out-of-bounds write in Sage RTU firmware. When specific configuration parameters are set, sending a malformed POST request can result in authentication bypass. The supplied data assigns CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-reachable, no-privilege, high-impact exposure if the vulnerable configuration is present.

Defensive priority

Immediate

Recommended defensive actions

• Upgrade affected Sage devices to firmware version C3414-500-S02K5_P9 as provided by Schneider Electric.
• Verify whether any deployed Sage 1410/1430/1450/2400/3030 Magnum/4400 units are at C3414-500-S02K5_P8 or earlier and prioritize those systems.
• Confirm the specific configuration parameters referenced in the advisory are not present on exposed systems until remediation is complete.
• Use Schneider Electric and CISA advisory guidance to plan deployment and validation, and record the remediation status for each affected asset.
• Apply ICS defense-in-depth practices such as limiting management access and segmenting OT assets while remediation is underway.

Evidence notes

Primary evidence comes from CISA CSAF advisory ICSA-25-107-02 and Schneider Electric notice SEVD-2024-163-05. The advisory lists six affected Sage product lines, states the vulnerable versions are C3414-500-S02K5_P8 and earlier, and identifies firmware C3414-500-S02K5_P9 as the remediation. The revision history shows the advisory was originally released on 2024-06-11 and updated on 2024-07-09 to add a direct remediation link.

Official resources