PatchSiren cyber security CVE debrief
CVE-2024-37038 Schneider Electric CVE debrief
CVE-2024-37038 affects multiple Schneider Electric Sage RTU products and is rated High (CVSS 7.5). According to the CISA CSAF advisory and Schneider Electric notice, an authenticated user with access to the device’s web interface could craft custom web requests to perform unauthorized file and firmware uploads. Schneider Electric states that firmware C3414-500-S02K5_P9 fixes the issue for the affected Sage families.
- Vendor: Schneider Electric
- Product: Sage 1410
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-07-09
- Advisory published: 2024-06-11
- Advisory updated: 2024-07-09
Who should care
OT/ICS teams responsible for Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 devices; administrators who manage device web interfaces; and maintenance personnel with authenticated access to these systems.
Technical summary
The advisory describes a CWE-276 incorrect default permissions issue in the device web interface. The affected products are Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 versions C3414-500-S02K5_P8 and prior. The reported impact is unauthorized file and firmware uploads via custom web requests by an authenticated web user. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High priority for exposed OT environments, especially where Sage devices are reachable by operators or maintenance accounts. The remediation is straightforward and vendor-provided, but the affected surface includes firmware management paths, so delay increases risk to integrity and availability of field devices.
Recommended defensive actions
- Upgrade affected devices to firmware C3414-500-S02K5_P9 as provided by Schneider Electric.
- Inventory Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 devices to confirm whether any are on C3414-500-S02K5_P8 or earlier.
- Restrict access to the device web interface to only approved administrative networks and users.
- Review authentication and authorization settings for upload and firmware-management functions.
- Audit device and management logs for unexpected file or firmware upload activity.
- Follow CISA industrial control system defensive guidance and apply least-privilege access controls.
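The inventory step above is where most teams slip, because firmware strings like C3414-500-S02K5_P8 and C3414-500-S02K5_P9 do not sort correctly as plain text once the patch number reaches two digits. The triage helper below is an added example for this debrief, not a Schneider Electric or CISA tool. It assumes (this is not stated by the vendor) that Sage firmware in this line shares the prefix C3414-500-S02K5 and ends in a numeric _P patch level; the inventory rows, the asset names and the hypothetical P10 and P7 builds are constructed sample data. Anything that does not match the expected pattern is reported as unknown rather than silently treated as patched.

```python
# Added example: triage a device inventory against the affected/fixed firmware
# levels from the advisory. Version-format assumption: "<base>_P<n>" with a
# numeric patch level n (this convention is assumed, not vendor-documented).
import re

# Product families named in the advisory.
AFFECTED_FAMILIES = {
    "Sage 1410", "Sage 1430", "Sage 1450",
    "Sage 2400", "Sage 3030 Magnum", "Sage 4400",
}
# Remediation firmware per Schneider Electric; anything with a lower
# patch level on the same base string (P8 and prior) is affected.
FIXED_VERSION = "C3414-500-S02K5_P9"
VERSION_RE = re.compile(r"^(?P<base>C3414-500-S02K5)_P(?P<patch>\d+)$")


def parse_patch_level(version: str):
    """Return the integer patch level, or None if the string is not recognised."""
    m = VERSION_RE.match(version.strip())
    return int(m.group("patch")) if m else None


def assess(product: str, version: str) -> str:
    """Classify one device as not-in-scope, affected, patched, or unknown."""
    if product not in AFFECTED_FAMILIES:
        return "not-in-scope"
    fixed = parse_patch_level(FIXED_VERSION)
    patch = parse_patch_level(version)
    if patch is None:
        return "unknown"       # unparseable build: needs a manual check, never "safe"
    # Numeric comparison avoids the lexical trap where "P10" < "P9".
    return "affected" if patch < fixed else "patched"


def triage(inventory):
    """Map each asset name to its assessment."""
    return {row["asset"]: assess(row["product"], row["version"]) for row in inventory}


def needs_upgrade(inventory):
    """Assets to schedule for the C3414-500-S02K5_P9 upgrade or a manual review."""
    results = triage(inventory)
    return sorted(a for a, r in results.items() if r in ("affected", "unknown"))


# Constructed sample inventory (asset names, builds and the non-Sage row are made up).
SAMPLE_INVENTORY = [
    {"asset": "rtu-01", "product": "Sage 1410",        "version": "C3414-500-S02K5_P8"},
    {"asset": "rtu-02", "product": "Sage 3030 Magnum", "version": "C3414-500-S02K5_P9"},
    {"asset": "rtu-03", "product": "Sage 2400",        "version": "C3414-500-S02K5_P10"},  # hypothetical later build
    {"asset": "rtu-04", "product": "Sage 4400",        "version": "C3414-500-S02K5_P7"},   # hypothetical earlier build
    {"asset": "rtu-05", "product": "Sage 1450",        "version": "unknown-build"},
    {"asset": "ctl-01", "product": "Other controller", "version": "1.2.3"},
]

if __name__ == "__main__":
    for asset, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {verdict}")
    print("upgrade or review:", needs_upgrade(SAMPLE_INVENTORY))
```

Feeding the real inventory export through `triage` gives the list for the upgrade ticket; treating unparseable versions as "unknown" rather than "patched" keeps mis-typed or vendor-custom builds from dropping out of the review queue.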
Evidence notes
All substantive claims in this debrief are drawn from the supplied CISA CSAF source item and the Schneider Electric remediation references. The source metadata lists the affected product versions, impact statement, remediation firmware, published date (2024-06-11), and modified date (2024-07-09). No exploitation, KEV listing, or ransomware association is provided in the supplied corpus.
Official resources
- CVE-2024-37038 CVE record (CVE.org)
- CVE-2024-37038 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Publicly disclosed on 2024-06-11 and updated on 2024-07-09 when a direct remediation link was added. The supplied corpus does not indicate KEV inclusion or known ransomware use.