CVE-2024-37038

Name of the Vulnerable Software and Affected Versions Schneider Electric Sage versions (affected versions not specified)

Description The issue is related to the default permission settings in the web interface of the Schneider Electric Sage microprogrammed devices for remote lighting and energy control. It allows a remote attacker to upload arbitrary files and embedded software using specially crafted web requests. This is due to incorrect default permissions that could enable an authenticated user with access to the device's web interface to perform unauthorized actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.