CVE-2024-12142 Overview
CVE-2024-12142 is an information exposure vulnerability classified under [CWE-200]: Exposure of Sensitive Information to an Unauthorized Actor. The flaw allows unauthorized actors to access restricted web pages, modify web page content, and trigger denial-of-service conditions when specific pages are altered and restricted functions are invoked. The vulnerability was disclosed by Schneider Electric in security notice SEVD-2025-014-05. Network-based exploitation requires no authentication and no user interaction, increasing the exposure for any affected device reachable from untrusted networks.
Critical Impact
Remote unauthenticated attackers can disclose restricted web content, tamper with web pages, and disrupt device availability.
Affected Products
- Schneider Electric product covered under advisory SEVD-2025-014-05 (see vendor advisory for affected models and firmware ranges)
Discovery Timeline
- 2025-01-17 - CVE-2024-12142 published to the National Vulnerability Database
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2024-12142
Vulnerability Analysis
The vulnerability stems from inadequate access controls on restricted web resources hosted by the affected device. An unauthenticated remote attacker can reach web pages and functions that should require authorization. Successful interaction with these endpoints yields three distinct outcomes: disclosure of restricted page content, unauthorized modification of web pages, and denial of service when specific restricted functions are invoked. The vulnerability is reachable over the network with low attack complexity and no privileges required, which makes any device exposing its web interface to untrusted segments a viable target. Schneider Electric documents the affected products and conditions in advisory SEVD-2025-014-05.
Root Cause
The root cause is missing or improperly enforced authorization checks on sensitive web endpoints. The application exposes restricted pages and functions without validating that the requester holds the necessary privileges, aligning with the [CWE-200] weakness pattern. As a result, controls intended to gate access are effectively absent for the impacted URIs.
Attack Vector
An attacker sends crafted HTTP requests to the device's embedded web server. Because no authentication is required, the attacker can request restricted pages directly, submit modifications to web content, or invoke restricted functions that lead to service disruption. Refer to the Schneider Electric Security Notice for the specific endpoints and operational conditions described by the vendor.
Detection Methods for CVE-2024-12142
Indicators of Compromise
- Unauthenticated HTTP requests to administrative or restricted URIs on the device's embedded web server.
- Unexpected modifications to device web page content or configuration captured in change logs.
- Device web interface becoming unresponsive following access to specific restricted functions.
Detection Strategies
- Inspect web server access logs for requests to restricted paths originating from sources that did not complete authentication.
- Correlate device availability incidents with preceding HTTP traffic targeting the same management interface.
- Compare current web page content and configuration against known-good baselines to identify unauthorized modifications.
Monitoring Recommendations
- Forward device web server and audit logs to a centralized log platform for retention and search.
- Alert on spikes of HTTP 200 responses to administrative URIs from unauthenticated sessions.
- Monitor network segments containing operational technology assets for new or unexpected connections to device web interfaces.
How to Mitigate CVE-2024-12142
Immediate Actions Required
- Review the Schneider Electric Security Notice SEVD-2025-014-05 to identify affected products and firmware in your environment.
- Restrict network access to the device web interface to authorized management hosts only.
- Apply vendor-provided remediation as soon as it is available for your deployment.
Patch Information
Schneider Electric publishes remediation details and fixed versions in advisory SEVD-2025-014-05. Operators should consult the advisory for product-specific patch availability, upgrade procedures, and any compensating controls recommended by the vendor.
Workarounds
- Place affected devices behind a firewall and deny inbound traffic to their web management ports from untrusted networks.
- Segment operational technology networks from corporate and internet-facing zones, allowing management access only through jump hosts.
- Disable the embedded web server on devices that do not require it for operations, where the product supports this option.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
