Vulnerability Description
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M241 Firmware | All versions |
| Schneider-Electric | Modicon M241 | - |
| Schneider-Electric | Modicon M251 Firmware | All versions |
| Schneider-Electric | Modicon M251 | - |
| Schneider-Electric | Modicon M258 Firmware | All versions |
| Schneider-Electric | Modicon M258 | - |
| Schneider-Electric | Modicon M262 Firmware | All versions |
| Schneider-Electric | Modicon M262 | - |
| Schneider-Electric | Modicon Lmc058 Firmware | All versions |
| Schneider-Electric | Modicon Lmc058 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-04&p_enDocVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-04&p_enDocVendor Advisory
FAQ
What is CVE-2024-6528?
CVE-2024-6528 is a vulnerability with a CVSS score of 5.4 (MEDIUM). CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where att...
How severe is CVE-2024-6528?
CVE-2024-6528 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6528?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M241 Firmware, Schneider-Electric Modicon M241, Schneider-Electric Modicon M251 Firmware, Schneider-Electric Modicon M251, Schneider-Electric Modicon M258 Firmware.