CVE-2024-2012

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true	Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2::::::
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:unem:r15b:pc5::::::
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::

History

No history.

Information

Published : 2024-06-11 14:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-2012

Mitre link : CVE-2024-2012

CVE.ORG link : CVE-2024-2012

JSON object : View

Products Affected

hitachienergy

unem
foxman-un

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

NVD-CWE-noinfo

{"id": "CVE-2024-2012", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-06-11T14:15:11.273", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"}, {"lang": "es", "value": "Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM API Gateway que, si se explota, un atacante podr\u00eda usar para permitir que se ejecuten comandos o c\u00f3digos no deseados en el servidor UNEM, lo que permitir\u00eda leer o modificar datos confidenciales o podr\u00eda causar otro comportamiento no deseado."}], "lastModified": "2024-11-21T09:08:48.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7593C74-2882-45D3-AB32-3A45E3AECAAE"}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BFAA55C-0815-4ACA-A649-F1F910411885"}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EE987B2-0620-44BB-AEA7-4E20CBE44822"}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2009AD7-6DF9-4DFC-B9F2-8632AC037A27"}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446"}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73AAF812-D503-4672-98A7-53C332317A30"}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3071C1DE-77EE-4B40-A382-19A97770D49B"}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E"}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D83E9A04-633A-493B-BD7A-ED28B88A521D"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}