1. Home
  2. CVE Database
  3. CVE-2024-5056
MEDIUM · 6.5

CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files ...

Vulnerability Description

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Schneider-ElectricModicon M340 FirmwareAll versions
Schneider-ElectricModicon M340All versions
Schneider-ElectricBmxnoe0100 FirmwareAll versions
Schneider-ElectricBmxnoe0100All versions
Schneider-ElectricBmxnoe0110 FirmwareAll versions
Schneider-ElectricBmxnoe0110All versions

Related Weaknesses (CWE)

CWE-552

References

FAQ

What is CVE-2024-5056?

CVE-2024-5056 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files ...

How severe is CVE-2024-5056?

CVE-2024-5056 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-5056?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Bmxnoe0100 Firmware, Schneider-Electric Bmxnoe0100, Schneider-Electric Bmxnoe0110 Firmware.