PatchSiren cyber security CVE debrief
CVE-2024-37040 Schneider Electric CVE debrief
CVE-2024-37040 is a medium-severity buffer overflow in Schneider Electric Sage RTU devices. A user with access to the device’s web interface can send a malformed HTTP request and cause a fault on the device. Schneider Electric lists firmware C3414-500-S02K5_P9 as the fix for affected Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 products.
- Vendor
- Schneider Electric
- Product
- Sage 1410
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-07-09
Who should care
OT/ICS operators, plant engineers, and administrators responsible for Schneider Electric Sage RTU deployments, especially where the device web interface is reachable.
Technical summary
The issue is described as CWE-120, a classic buffer overflow caused by copying input without checking size. Per the CISA CSAF advisory, the affected products are Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 versions C3414-500-S02K5_P8 and prior. The reported impact is that a user with web interface access can trigger a device fault by sending a malformed HTTP request. The published CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, with a base score of 5.4.
Defensive priority
Medium; prioritize updating exposed Sage RTU web interfaces to the fixed firmware version and limit access until patching is complete.
Recommended defensive actions
- Upgrade affected Sage RTU devices from C3414-500-S02K5_P8 and earlier to firmware C3414-500-S02K5_P9.
- Restrict access to the device web interface to trusted management networks and authorized users only.
- Verify which Sage 1410/1430/1450/2400/3030 Magnum/4400 devices are affected in your environment and schedule remediation.
- Monitor for unexpected device faults or service interruptions that could indicate malformed-request triggering.
- Follow Schneider Electric’s remediation guidance and CISA ICS recommended practices for defensive segmentation and access control.
Evidence notes
The source corpus identifies CVE-2024-37040 in CISA CSAF advisory ICSA-25-107-02 (Schneider Electric Sage Series). Revision history shows the original release on 2024-06-11, mitigation information added the same day, and a 2024-07-09 update that added a direct remediation link. The affected versions are listed as C3414-500-S02K5_P8 and prior, and the remediation lists firmware C3414-500-S02K5_P9 as the fixed release. The advisory describes the impact as a device fault triggered through a malformed HTTP request sent via the web interface.
Official resources
-
CVE-2024-37040 CVE record
CVE.org
-
CVE-2024-37040 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2024-06-11 in the CISA CSAF advisory; revised on 2024-07-09 to add a direct remediation link.