Description
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-552
Metadata
- Primary Vendor
- SCHNEIDER-ELECTRIC
- Published
- 6/12/2024
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
schneider-electric : modicon_m340_firmwareschneider-electric : bmxnoe0100_firmwareschneider-electric : bmxnoe0110_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.