CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-29 13:15

Updated : 2024-12-05 15:29

NVD link : CVE-2024-41156

Mitre link : CVE-2024-41156

CVE.ORG link : CVE-2024-41156

JSON object : View

Products Affected

hitachienergy

tro610
tro610_firmware
tro670
tro670_firmware
tro620_firmware
tro620

CWE

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

{"id": "CVE-2024-41156", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-10-29T13:15:04.847", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-212"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-212"}]}], "descriptions": [{"lang": "en", "value": "Profile files from TRO600 series radios are extracted in plain-text\nand encrypted file formats. Profile files provide potential attackers\nvaluable configuration information about the Tropos network. Profiles\ncan only be exported by authenticated users with higher privilege of write access."}, {"lang": "es", "value": " Los archivos de perfil de las radios de la serie TRO600 se extraen en formato de texto plano y en formato de archivo cifrado. Los archivos de perfil proporcionan a los posibles atacantes informaci\u00f3n valiosa sobre la configuraci\u00f3n de la red Tropos. Los perfiles solo pueden ser exportados por usuarios autenticados con acceso de escritura."}], "lastModified": "2024-12-05T15:29:31.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5C2D2E0-5383-44E5-B8C6-C743503A8E51", "versionEndExcluding": "9.2.0.5", "versionStartIncluding": "9.1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3A46C6E-9314-40EB-A8BE-0D3A26B5FE4C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE01813-8087-4E9B-8B2B-FF813C0E9506", "versionEndExcluding": "9.2.0.5", "versionStartIncluding": "9.1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC979E74-6316-4BED-87A6-4DC9B9747E0F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6A94F87-2875-46C9-8BD3-BE3EA9F71648", "versionEndExcluding": "9.2.0.5", "versionStartIncluding": "9.1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E84F6910-1D58-4AE7-94EF-797C9BD52690"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}