Lucene search
Japan Vulnerability NotesJVN:17680667HistoryMay 28, 2024 - 12:00 a.m.
JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
2024-05-2800:00:00
Japan Vulnerability Notes
jvn.jp
9
yokogawa rental & lease corporation
unifier
unifier cast
arbitrary code execution
localsystem privilege
patch application
data modification
data deletion
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below.
Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847Missing Authorization for coejobhook Command Execution (CWE-862) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-36246
Impact
An arbitrary code may be executed with LocalSystem privilege.
As a result, a malicious program may be installed, data may be modified or deleted.
Solution
Apply the patch
Apply the patch according to the information provided by the developer.
For more information, refer to the information provided by the developer.
Products Affected
- Unifier Version.5.0 or later, and the patch “20240527” not applied
- Unifier Cast Version.5.0 or later, and the patch “20240527” not applied
Related
nvd
nvd
CVE-2024-36246
2024-05-31 06:15:12
CVE-2024-23847
2024-05-31 06:15:10
cve
cve
CVE-2024-36246
2024-05-31 06:15:12
CVE-2024-23847
2024-05-31 06:15:10
cvelist
cvelist
CVE-2024-23847
2024-05-31 06:11:15
CVE-2024-36246
2024-05-31 06:11:22
vulnrichment
vulnrichment
CVE-2024-23847
2024-05-31 06:11:15