CVE-2024-12142

High

Published: 17 January 2025

Published

17 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS Score 0.0016 37.1th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked.

Security Summary

CVE-2024-12142 is a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability affecting Schneider Electric products. It enables information disclosure from restricted web pages, modification of web pages, and denial of service when specific web pages are altered and restricted functions are invoked. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H), indicating high severity due to its network accessibility, low complexity, and lack of prerequisites.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to disclose sensitive information from restricted web pages, modify web page content, and cause denial of service, potentially disrupting affected systems.

Schneider Electric has published security advisory SEVD-2025-014-05, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-05.pdf, which provides details on the vulnerability and recommended mitigations.

Details

CWE(s): CWE-200

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-05.pdf
cybersecurity@se.com