CVE-2024-23847

2024-05-3106:15:10

[email protected]

web.nvd.nist.gov

cve-2024-23847

unifier

unifier cast

default permissions

arbitrary code execution

localsystem privilege

malicious program

data modification

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch “20240527” not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.

Affected configurations

Vulners

Node

yokogawa_rental_\&_lease_corporationunifierMatch.5.0

yokogawa_rental_\&_lease_corporationunifierMatch20240527

yokogawa_rental_\&_lease_corporationunifier_castMatch.5.0

yokogawa_rental_\&_lease_corporationunifier_castMatch20240527

CNA Affected

[
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier Cast ",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  }
]