Vulnerability Details CVE-2024-6528
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting
condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a
page containing the injected payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-6528
-
cpe:2.3:h:schneider-electric:modicon_lmc058:-
-
cpe:2.3:h:schneider-electric:modicon_m241:-
-
cpe:2.3:h:schneider-electric:modicon_m251:-
-
cpe:2.3:h:schneider-electric:modicon_m258:-
-
cpe:2.3:h:schneider-electric:modicon_m262:-
-
cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m241_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m241_firmware:4.0.3.20
-
cpe:2.3:o:schneider-electric:modicon_m241_firmware:5.1.9.1
-
cpe:2.3:o:schneider-electric:modicon_m251_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m251_firmware:4.0.3.20
-
cpe:2.3:o:schneider-electric:modicon_m251_firmware:5.1.9.1
-
cpe:2.3:o:schneider-electric:modicon_m258_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m258_firmware:5.0.4.11
-
cpe:2.3:o:schneider-electric:modicon_m262_firmware:-