All the vulnerabilites related to Yokogawa Rental & Lease Corporation - Unifier Cast
cve-2024-36246
Vulnerability from cvelistv5
Published
2024-05-31 06:11
Modified
2024-08-15 16:40
Severity ?
EPSS score ?
Summary
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17680667/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifier",
"vendor": "yokogawa_rental_lease_corporation",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa_rental_lease_corporation:unifier_cast:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifier_cast",
"vendor": "yokogawa_rental_lease_corporation",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T16:05:50.833315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T16:40:23.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Unifier",
"vendor": "Yokogawa Rental \u0026 Lease Corporation",
"versions": [
{
"status": "affected",
"version": "Version.5.0 or later"
},
{
"status": "affected",
"version": " and the patch \"20240527\" not applied"
}
]
},
{
"product": "Unifier Cast ",
"vendor": "Yokogawa Rental \u0026 Lease Corporation",
"versions": [
{
"status": "affected",
"version": "Version.5.0 or later"
},
{
"status": "affected",
"version": " and the patch \"20240527\" not applied"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch \"20240527\" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T06:11:22.238Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"url": "https://jvn.jp/en/jp/JVN17680667/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36246",
"datePublished": "2024-05-31T06:11:22.238Z",
"dateReserved": "2024-05-22T04:37:30.990Z",
"dateUpdated": "2024-08-15T16:40:23.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23847
Vulnerability from cvelistv5
Published
2024-05-31 06:11
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unifier",
"vendor": "yokogawa_rental_lease_corporation",
"versions": [
{
"lessThan": "5.10",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:05:15.775654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:24:08.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17680667/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unifier",
"vendor": "Yokogawa Rental \u0026 Lease Corporation",
"versions": [
{
"status": "affected",
"version": "Version.5.0 or later"
},
{
"status": "affected",
"version": " and the patch \"20240527\" not applied"
}
]
},
{
"product": "Unifier Cast ",
"vendor": "Yokogawa Rental \u0026 Lease Corporation",
"versions": [
{
"status": "affected",
"version": "Version.5.0 or later"
},
{
"status": "affected",
"version": " and the patch \"20240527\" not applied"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch \"20240527\" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T06:11:15.428Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"
},
{
"url": "https://jvn.jp/en/jp/JVN17680667/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23847",
"datePublished": "2024-05-31T06:11:15.428Z",
"dateReserved": "2024-01-23T07:00:54.325Z",
"dateUpdated": "2024-08-01T23:13:08.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-000053
Vulnerability from jvndb
Published
2024-05-28 14:47
Modified
2024-05-28 14:47
Severity ?
Summary
Multiple vulnerabilities in Unifier and Unifier Cast
Details
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below.
<ul>
<li><b>Incorrect Default Permissions configured by Cast Launcher (<a href="https://cwe.mitre.org/data/definitions/276.html">CWE-276</a>)</b> - CVE-2024-23847
</li>
<li><b>Missing Authorization for coejobhook Command Execution (<a href="https://cwe.mitre.org/data/definitions/862.html">CWE-862</a>)</b> - CVE-2024-36246
</li>
</ul>
CVE-2024-23847
Yokogawa Rental & Lease Corporation reported this vulnerability to IPA to notify users of its solution through JVN.
JPCERT/CC and Yokogawa Rental & Lease Corporation coordinated under the Information Security Early Warning Partnership.
CVE-2024-36246
Taisei Ogura of MOTEX Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000053.html",
"dc:date": "2024-05-28T14:47+09:00",
"dcterms:issued": "2024-05-28T14:47+09:00",
"dcterms:modified": "2024-05-28T14:47+09:00",
"description": "Unifier and Unifier Cast provided by Yokogawa Rental \u0026 Lease Corporation contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions configured by Cast Launcher (\u003ca href=\"https://cwe.mitre.org/data/definitions/276.html\"\u003eCWE-276\u003c/a\u003e)\u003c/b\u003e - CVE-2024-23847\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authorization for coejobhook Command Execution (\u003ca href=\"https://cwe.mitre.org/data/definitions/862.html\"\u003eCWE-862\u003c/a\u003e)\u003c/b\u003e - CVE-2024-36246\r\n\t\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nCVE-2024-23847\r\nYokogawa Rental \u0026 Lease Corporation reported this vulnerability to IPA to notify users of its solution through JVN.\r\nJPCERT/CC and Yokogawa Rental \u0026 Lease Corporation coordinated under the Information Security Early Warning Partnership.\r\n\r\nCVE-2024-36246\r\nTaisei Ogura of MOTEX Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000053.html",
"sec:cpe": [
{
"#text": "cpe:/a:yrl:yokogawa_renta_unifier",
"@product": "Unifier",
"@vendor": "Yokogawa Rental \u0026 Lease Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:yrl:yokogawa_renta_unifier_cast",
"@product": "Unifier Cast",
"@vendor": "Yokogawa Rental \u0026 Lease Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000053",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN17680667/index.html",
"@id": "JVN#17680667",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23847",
"@id": "CVE-2024-23847",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36246",
"@id": "CVE-2024-36246",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Unifier and Unifier Cast"
}