Lucene search

Hitachi EnergyVULNRICHMENT:CVE-2024-28023

HistoryJun 11, 2024 - 1:55 p.m.

CVE-2024-28023

2024-06-1113:55:56

CWE-259

Hitachi Energy

github.com

vulnerability

message queueing

resource exposure

code execution

sensitive information

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability exists in the message queueing mechanism that if
exploited can lead to the exposure of resources or functionality to
unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

CNA Affected

[
  {
    "vendor": "Hitachi Energy",
    "product": "FOXMAN-UN",
    "versions": [
      {
        "status": "affected",
        "version": "FOXMAN-UN R16B PC2"
      },
      {
        "status": "unaffected",
        "version": "FOXMAN-UN R16B PC3",
        "versionType": "custom",
        "lessThanOrEqual": "FOXMAN-UN R16B PC4"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15B PC4"
      },
      {
        "status": "unaffected",
        "version": "FOXMAN-UN R15B PC5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Hitachi Energy",
    "product": "UNEM",
    "versions": [
      {
        "status": "affected",
        "version": "UNEM R16B PC2"
      },
      {
        "status": "unaffected",
        "version": "UNEM R16B PC3",
        "versionType": "custom",
        "lessThanOrEqual": "UNEM R16B PC4"
      },
      {
        "status": "affected",
        "version": "UNEM R15B PC4"
      },
      {
        "status": "unaffected",
        "version": "UNEM R15B PC4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true