PatchSiren cyber security CVE debrief
CVE-2024-37037 Schneider Electric CVE debrief
CVE-2024-37037 affects Schneider Electric Sage Series RTUs and can let an authenticated user with web-interface access corrupt files and disrupt device functionality by sending a crafted HTTP request. Schneider Electric’s remediation is firmware C3414-500-S02K5_P9 for affected Sage models.
- Vendor
- Schneider Electric
- Product
- Sage 1410
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-07-09
Who should care
OT/ICS operators, control engineers, and administrators responsible for Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, or 4400 devices, especially where the device web interface is enabled and accessible to authenticated users.
Technical summary
CISA’s CSAF advisory ICSA-25-107-02 and Schneider Electric’s Security and Safety Notice SEVD-2024-163-05 describe a CWE-22 path traversal flaw in Sage Series devices. Affected products include Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 versions C3414-500-S02K5_P8 and prior. The issue requires authentication and access to the device web interface; a crafted HTTP request can corrupt files and affect functionality. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (8.1 High).
Defensive priority
High. Prioritize firmware upgrade to C3414-500-S02K5_P9 for affected Sage devices, and reduce exposure of the web interface until remediation is complete.
Recommended defensive actions
- Inventory Sage RTU deployments and identify any devices running versions C3414-500-S02K5_P8 or earlier.
- Upgrade affected devices to firmware C3414-500-S02K5_P9, which Schneider Electric lists as the fix.
- Restrict access to the device web interface to only trusted administrative users and networks.
- Review and tighten account access controls for any users who can authenticate to the web interface.
- Apply CISA industrial control system recommended practices to support segmentation, access control, and defense in depth.
- Validate operational recovery procedures so file corruption on an affected device can be addressed quickly if needed.
Evidence notes
All findings are taken from the supplied CISA CSAF advisory metadata and the referenced Schneider Electric/CISA official links. The advisory’s revision history shows an original release on 2024-06-11, mitigation language added the same day, and a direct remediation link added on 2024-07-09. No KEV listing was supplied in the provided enrichment.
Official resources
-
CVE-2024-37037 CVE record
CVE.org
-
CVE-2024-37037 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed through CISA CSAF advisory ICSA-25-107-02 and Schneider Electric’s Security and Safety Notice SEVD-2024-163-05. CVE-2024-37037 was published on 2024-06-11 and modified on 2024-07-09.