PatchSiren cyber security CVE debrief
CVE-2024-5560 Schneider Electric CVE debrief
CVE-2024-5560 is a medium-severity denial-of-service issue affecting Schneider Electric Sage Series devices. According to the advisory, a specially crafted HTTP request can trigger an out-of-bounds read in the device’s web interface, potentially making that interface unavailable. Schneider Electric lists firmware C3414-500-S02K5_P9 as the fixed release for the affected Sage models.
- Vendor: Schneider Electric
- Product: Sage 1410
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-07-09
- Advisory published: 2024-06-11
- Advisory updated: 2024-07-09
Who should care
Organizations operating Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, or 4400 devices should review this issue, especially if the web interface is used for operations or remote management. Asset owners, OT/ICS administrators, and maintenance teams responsible for firmware lifecycle management should prioritize validation and upgrade planning.
Technical summary
The advisory identifies a CWE-125 out-of-bounds read in the Sage web interface. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating network reachability with no privileges or user interaction required and a low availability impact. The affected products are Schneider Electric Sage 1410, 1430, 1450, 2400, 3030 Magnum, and 4400 running firmware C3414-500-S02K5_P8 and prior. Schneider Electric states that firmware C3414-500-S02K5_P9 includes the fix, with no restart required.
Defensive priority
Medium priority. The issue is remotely reachable and requires no authentication, but the documented impact is limited to availability of the web interface rather than direct confidentiality or integrity loss.
Recommended defensive actions
- Identify whether any Sage 1410, 1430, 1450, 2400, 3030 Magnum, or 4400 devices are running C3414-500-S02K5_P8 or earlier.
- Plan and apply firmware C3414-500-S02K5_P9 from Schneider Electric for affected devices.
- Confirm the device web interface remains reachable and stable after remediation, following standard maintenance procedures.
- Limit exposure of industrial device management interfaces to trusted networks where feasible, consistent with ICS defensive practices.
- Review Schneider Electric and CISA advisory references for any product-specific deployment guidance before scheduling maintenance.
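As an added illustration of the first two actions (example code, not PatchSiren's or Schneider Electric's own), the following Python triages an asset inventory against the advisory's version boundary. It assumes Sage firmware strings follow the pattern seen in the advisory, a base string followed by `_P<n>`; the inventory records and hostnames are constructed for the example.

```python
import re

# Scope values taken from the advisory text above.
AFFECTED_MODELS = {"Sage 1410", "Sage 1430", "Sage 1450", "Sage 2400",
                   "Sage 3030 Magnum", "Sage 4400"}
LAST_VULNERABLE = "C3414-500-S02K5_P8"
FIXED = "C3414-500-S02K5_P9"

# Assumption: Sage firmware strings end in "_P<n>", where <n> is the patch level.
FW_RE = re.compile(r"^(?P<base>[A-Za-z0-9-]+)_P(?P<patch>\d+)$")

def parse_firmware(version):
    """Split 'C3414-500-S02K5_P8' into ('C3414-500-S02K5', 8); None if unrecognised."""
    m = FW_RE.match(version.strip())
    return (m["base"], int(m["patch"])) if m else None

def assess(model, firmware):
    """Classify one device against CVE-2024-5560.

    Patch levels are compared numerically, so P10 is correctly treated as newer
    than P9 (a plain string comparison would rank "P10" below "P8")."""
    if model not in AFFECTED_MODELS:
        return "not_affected"
    parsed = parse_firmware(firmware)
    base, last_patch = parse_firmware(LAST_VULNERABLE)
    if parsed is None or parsed[0] != base:
        # Unparseable or a different firmware line: outside the advisory's
        # stated scope, so send it for manual review rather than calling it safe.
        return "review"
    return "vulnerable" if parsed[1] <= last_patch else "fixed"

def triage(inventory):
    """Map each host to its status; 'vulnerable' hosts need the P9 update."""
    return {dev["host"]: assess(dev["model"], dev["firmware"]) for dev in inventory}

# Constructed sample inventory for illustration (not real devices).
SAMPLE_INVENTORY = [
    {"host": "rtu-01", "model": "Sage 1410", "firmware": "C3414-500-S02K5_P8"},
    {"host": "rtu-02", "model": "Sage 2400", "firmware": "C3414-500-S02K5_P9"},
    {"host": "rtu-03", "model": "Sage 3030 Magnum", "firmware": "C3414-500-S02K5_P10"},
    {"host": "rtu-04", "model": "Sage 1450", "firmware": "C3414-500-S02K5_P3"},
    {"host": "rtu-05", "model": "Sage 4400", "firmware": "unknown"},
    {"host": "plc-01", "model": "Modicon M340", "firmware": "C3414-500-S02K5_P8"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" -> apply {FIXED}" if status == "vulnerable" else ""))
```

Hosts classified as "review" should be checked by hand, since a firmware string the advisory does not describe is not evidence that the device is fixed.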
Evidence notes
All factual statements are drawn from the supplied CISA CSAF advisory for ICSA-25-107-02 and the linked Schneider Electric remediation notice. The source lists the vulnerability as CWE-125 out-of-bounds read, describes a denial-of-service condition in the device web interface caused by a specially crafted HTTP request, identifies the affected Sage product versions, and states that firmware C3414-500-S02K5_P9 is the fix. The advisory was published on 2024-06-11 and modified on 2024-07-09; the later modification notes a direct remediation link.
Official resources
- CVE-2024-5560 CVE record (CVE.org)
- CVE-2024-5560 NVD detail (NVD)
- Source item URL: cisa_csaf
CVE-2024-5560 was published on 2024-06-11 and modified on 2024-07-09. The source advisory revision history shows the original release on 2024-06-11, mitigation updates on the same date, and a later revision on 2024-07-09 adding a direct rem