Schneider Electric Issues Urgent Patches for SAGE RTU Vulnerabilities
Schneider Electric, a global specialist in energy management and automation, has released a critical security patch to address multiple vulnerabilities in its SAGE Remote Terminal Unit (RTU) devices. These vulnerabilities, with CVSS scores ranging from 5.3 to 9.8, could potentially allow attackers to bypass authentication, corrupt files, upload unauthorized firmware, and even cause a denial of service.
- CVE-2024-37036 (CVSS 9.8): Out-of-bounds Write Vulnerability
This flaw could lead to an authentication bypass when a malformed POST request is sent with specific configuration parameters. This vulnerability allows for total device compromise, resulting in data loss and operational impacts.
- CVE-2024-37037 (CVSS 8.1): Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
An authenticated user with web interface access could corrupt files and impact device functionality by sending a crafted HTTP request.
- CVE-2024-37038 (CVSS 7.5): Incorrect Default Permissions
This issue allows an authenticated user to perform unauthorized file and firmware uploads through crafted web requests.
- CVE-2024-37039 (CVSS 5.9): Unchecked Return Value
An attacker could cause a denial of service by sending a specially crafted HTTP request.
- CVE-2024-37040 (CVSS 5.4): Buffer Copy without Checking Size of Input (Classic Buffer Overflow)
This flaw could cause a device fault when a malformed HTTP request is sent by a user with web interface access.
- CVE-2024-5560 (CVSS 5.3): Out-of-bounds Read
This vulnerability could lead to a denial of service of the device’s web interface when a specially crafted HTTP request is sent.
The vulnerabilities affect various SAGE RTU models, including 1410, 1430, 1450, 2400, 3030 Magnum, and 4400, with versions C3414-500-S02K5_P8 and prior being particularly susceptible. Successful exploitation could lead to a total compromise of the affected device, resulting in data loss, operational disruption, or performance degradation.
Schneider Electric strongly urges all users of SAGE RTU devices to update their firmware to version C3414-500-S02K5_P9, which includes fixes for these vulnerabilities. The company also recommends following industry best practices for cybersecurity, such as isolating control systems from business networks, implementing physical access controls, and using secure remote access methods.
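As an added example (not from the article or from Schneider Electric), the Python check below sorts an asset inventory against the firmware guidance above. It assumes firmware strings end in `_P<n>` with `<n>` rising per release and a `host,model,firmware` CSV layout; the sample rows are constructed.

```python
import csv
import io
import re

# Model list and fixed version are taken from the article text.
LISTED_MODELS = {"1410", "1430", "1450", "2400", "3030 magnum", "4400"}
FIXED_BASE, FIXED_PATCH = "C3414-500-S02K5", 9  # C3414-500-S02K5_P9

# Assumption: firmware strings end in "_P<n>" and <n> rises with each release.
FW_RE = re.compile(r"^(?P<base>[A-Z0-9-]+)_P(?P<patch>\d+)$")


def classify(model: str, firmware: str) -> str:
    """Return 'not-listed', 'vulnerable', 'patched' or 'review'."""
    name = re.sub(r"^sage\s+", "", model.strip().lower())
    if name not in LISTED_MODELS:
        return "not-listed"  # the article's model list is not exhaustive
    m = FW_RE.match(firmware.strip().upper())
    if m is None or m["base"] != FIXED_BASE:
        return "review"  # unparseable or different build line: check by hand
    return "patched" if int(m["patch"]) >= FIXED_PATCH else "vulnerable"


def audit(inventory_csv: str) -> dict:
    """Map each host in a host,model,firmware CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}


# Constructed sample inventory; host names and the X0000 string are made up.
SAMPLE_INVENTORY = """\
host,model,firmware
rtu-01,SAGE 2400,C3414-500-S02K5_P8
rtu-02,SAGE 4400,C3414-500-S02K5_P9
rtu-03,SAGE 1450,c3414-500-s02k5_p3
rtu-04,SAGE 3030 Magnum,unknown
rtu-05,SAGE 1410,X0000-000-TEST_P2
rtu-06,Other RTU,C3414-500-S02K5_P8
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `review` or `not-listed` still need a manual check against the vendor's notification, since the script only confirms the one fixed version named above.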