cvelistv5 - CVE-2024-41156

CVE-2024-41156 (GCVE-0-2024-41156)

Vulnerability from cvelistv5 – Published: 2024-10-29 12:44 – Updated: 2025-01-09 17:15

Summary

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access.

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

Assigner

Hitachi Energy

References

URL

Tags

https://publisher.hitachienergy.com/preview?Docum…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Hitachi Energy	TRO600	Affected: 9.0.1.0 , ≤ 9.2.0.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-29T13:50:37.518941Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T17:15:38.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "TRO600",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "9.2.0.0",
              "status": "affected",
              "version": "9.0.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Profile files from TRO600 series radios are extracted in plain-text\nand encrypted file formats. Profile files provide potential attackers\nvaluable configuration information about the Tropos network. Profiles\ncan only be exported by authenticated users with higher privilege of write access.\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Profile files from TRO600 series radios are extracted in plain-text\nand encrypted file formats. Profile files provide potential attackers\nvaluable configuration information about the Tropos network. Profiles\ncan only be exported by authenticated users with higher privilege of write access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T10:43:00.903Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-41156",
    "datePublished": "2024-10-29T12:44:58.707Z",
    "dateReserved": "2024-07-16T16:02:30.296Z",
    "dateUpdated": "2025-01-09T17:15:38.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0.0\", \"versionEndExcluding\": \"9.2.0.5\", \"matchCriteriaId\": \"D5C2D2E0-5383-44E5-B8C6-C743503A8E51\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3A46C6E-9314-40EB-A8BE-0D3A26B5FE4C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0.0\", \"versionEndExcluding\": \"9.2.0.5\", \"matchCriteriaId\": \"4BE01813-8087-4E9B-8B2B-FF813C0E9506\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC979E74-6316-4BED-87A6-4DC9B9747E0F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0.0\", \"versionEndExcluding\": \"9.2.0.5\", \"matchCriteriaId\": \"A6A94F87-2875-46C9-8BD3-BE3EA9F71648\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E84F6910-1D58-4AE7-94EF-797C9BD52690\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Profile files from TRO600 series radios are extracted in plain-text\\nand encrypted file formats. Profile files provide potential attackers\\nvaluable configuration information about the Tropos network. Profiles\\ncan only be exported by authenticated users with higher privilege of write access.\"}, {\"lang\": \"es\", \"value\": \" Los archivos de perfil de las radios de la serie TRO600 se extraen en formato de texto plano y en formato de archivo cifrado. Los archivos de perfil proporcionan a los posibles atacantes informaci\\u00f3n valiosa sobre la configuraci\\u00f3n de la red Tropos. Los perfiles solo pueden ser exportados por usuarios autenticados con acceso de escritura.\"}]",
      "id": "CVE-2024-41156",
      "lastModified": "2024-12-05T15:29:31.730",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@hitachienergy.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}]}",
      "published": "2024-10-29T13:15:04.847",
      "references": "[{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch\", \"source\": \"cybersecurity@hitachienergy.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@hitachienergy.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"cybersecurity@hitachienergy.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-212\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-212\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41156\",\"sourceIdentifier\":\"cybersecurity@hitachienergy.com\",\"published\":\"2024-10-29T13:15:04.847\",\"lastModified\":\"2024-12-05T15:29:31.730\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Profile files from TRO600 series radios are extracted in plain-text\\nand encrypted file formats. Profile files provide potential attackers\\nvaluable configuration information about the Tropos network. Profiles\\ncan only be exported by authenticated users with higher privilege of write access.\"},{\"lang\":\"es\",\"value\":\" Los archivos de perfil de las radios de la serie TRO600 se extraen en formato de texto plano y en formato de archivo cifrado. Los archivos de perfil proporcionan a los posibles atacantes informaci\u00f3n valiosa sobre la configuraci\u00f3n de la red Tropos. Los perfiles solo pueden ser exportados por usuarios autenticados con acceso de escritura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0.0\",\"versionEndExcluding\":\"9.2.0.5\",\"matchCriteriaId\":\"D5C2D2E0-5383-44E5-B8C6-C743503A8E51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3A46C6E-9314-40EB-A8BE-0D3A26B5FE4C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0.0\",\"versionEndExcluding\":\"9.2.0.5\",\"matchCriteriaId\":\"4BE01813-8087-4E9B-8B2B-FF813C0E9506\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC979E74-6316-4BED-87A6-4DC9B9747E0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0.0\",\"versionEndExcluding\":\"9.2.0.5\",\"matchCriteriaId\":\"A6A94F87-2875-46C9-8BD3-BE3EA9F71648\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E84F6910-1D58-4AE7-94EF-797C9BD52690\"}]}]}],\"references\":[{\"url\":\"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch\",\"source\":\"cybersecurity@hitachienergy.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-29T13:50:37.518941Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-29T13:51:03.632Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Energy\", \"product\": \"TRO600\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.2.0.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Profile files from TRO600 series radios are extracted in plain-text\\nand encrypted file formats. Profile files provide potential attackers\\nvaluable configuration information about the Tropos network. Profiles\\ncan only be exported by authenticated users with higher privilege of write access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Profile files from TRO600 series radios are extracted in plain-text\\nand encrypted file formats. Profile files provide potential attackers\\nvaluable configuration information about the Tropos network. Profiles\\ncan only be exported by authenticated users with higher privilege of write access.\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-212\", \"description\": \"CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer\"}]}], \"providerMetadata\": {\"orgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"shortName\": \"Hitachi Energy\", \"dateUpdated\": \"2024-12-04T10:43:00.903Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-09T17:15:38.962Z\", \"dateReserved\": \"2024-07-16T16:02:30.296Z\", \"assignerOrgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"datePublished\": \"2024-10-29T12:44:58.707Z\", \"assignerShortName\": \"Hitachi Energy\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ICSA-24-317-02

Vulnerability from csaf_cisa - Published: 2024-11-12 07:00 - Updated: 2024-11-12 07:00

Summary

Hitachi Energy TRO600

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access.

Critical infrastructure sectors

Energy

Countries/areas deployed

Worldwide

Company headquarters location

Switzerland

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Riley Barello-Myers"
        ],
        "organization": "Idaho National Lab - CyTRICS",
        "summary": "reporting these vulnerabilities to Hitachi Energy"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. ",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Switzerland",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-317-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-317-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-317-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-317-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Hitachi Energy TRO600",
    "tracking": {
      "current_release_date": "2024-11-12T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-317-02",
      "initial_release_date": "2024-11-12T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-11-12T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=9.0.1.0|\u003c=9.2.0.0",
                "product": {
                  "name": "Hitachi Energy Hitachi Energy TRO600 series firmware versions: \u003e=9.0.1.0|\u003c=9.2.0.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Hitachi Energy TRO600 series firmware versions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=9.1.0.0|\u003c=9.2.0.0",
                "product": {
                  "name": "Hitachi Energy Hitachi Energy TRO600 series firmware versions: \u003e=9.1.0.0|\u003c=9.2.0.0",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Hitachi Energy TRO600 series firmware versions"
          }
        ],
        "category": "vendor",
        "name": "Hitachi Energy"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-41153",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41153"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "(CVE-2024-41153) Hitachi Energy TRO600 series firmware versions from 9.1.0.0 to 9.2.0.0 (Edge computing functionality): Update to version 9.2.0.5",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Hitachi Energy has provided the additional following security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network:",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Physically protect process control systems from direct access by unauthorized personnel.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Do not connect directly to the Internet.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Separate from other networks by means of a firewall system that has a minimal number of ports exposed.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more details, refer to the \"Configuration Guide\" document for the respective TRO600 series router version.",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, see Hitachi Energy\u0027s security advisory 8DBD000147",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-41156",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41156"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "(CVE-2024-41156) Hitachi Energy TRO600 series firmware versions from 9.0.1.0 to 9.2.0.0 (Configuration utility): Update to version 9.2.0.5",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Hitachi Energy has provided the additional following security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Physically protect process control systems from direct access by unauthorized personnel.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Do not connect directly to the Internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Separate from other networks by means of a firewall system that has a minimal number of ports exposed.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more details, refer to the \"Configuration Guide\" document for the respective TRO600 series router version.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, see Hitachi Energy\u0027s security advisory 8DBD000147",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

GHSA-9XQP-XM5R-JJ9C

Vulnerability from github – Published: 2024-10-29 15:32 – Updated: 2024-10-29 15:32

Details

Severity ?

2.7 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-41156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T13:15:04Z",
    "severity": "LOW"
  },
  "details": "Profile files from TRO600 series radios are extracted in plain-text\nand encrypted file formats. Profile files provide potential attackers\nvaluable configuration information about the Tropos network. Profiles\ncan only be exported by authenticated users with write access.",
  "id": "GHSA-9xqp-xm5r-jj9c",
  "modified": "2024-10-29T15:32:04Z",
  "published": "2024-10-29T15:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41156"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-41156

Vulnerability from fkie_nvd - Published: 2024-10-29 13:15 - Updated: 2024-12-05 15:29

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	cybersecurity@hitachienergy.com	https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch	Vendor Advisory

Impacted products

Vendor	Product	Version
hitachienergy	tro610_firmware	*
hitachienergy	tro610	-
hitachienergy	tro620_firmware	*
hitachienergy	tro620	-
hitachienergy	tro670_firmware	*
hitachienergy	tro670	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C2D2E0-5383-44E5-B8C6-C743503A8E51",
              "versionEndExcluding": "9.2.0.5",
              "versionStartIncluding": "9.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A46C6E-9314-40EB-A8BE-0D3A26B5FE4C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE01813-8087-4E9B-8B2B-FF813C0E9506",
              "versionEndExcluding": "9.2.0.5",
              "versionStartIncluding": "9.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC979E74-6316-4BED-87A6-4DC9B9747E0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A94F87-2875-46C9-8BD3-BE3EA9F71648",
              "versionEndExcluding": "9.2.0.5",
              "versionStartIncluding": "9.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84F6910-1D58-4AE7-94EF-797C9BD52690",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Profile files from TRO600 series radios are extracted in plain-text\nand encrypted file formats. Profile files provide potential attackers\nvaluable configuration information about the Tropos network. Profiles\ncan only be exported by authenticated users with higher privilege of write access."
    },
    {
      "lang": "es",
      "value": " Los archivos de perfil de las radios de la serie TRO600 se extraen en formato de texto plano y en formato de archivo cifrado. Los archivos de perfil proporcionan a los posibles atacantes informaci\u00f3n valiosa sobre la configuraci\u00f3n de la red Tropos. Los perfiles solo pueden ser exportados por usuarios autenticados con acceso de escritura."
    }
  ],
  "id": "CVE-2024-41156",
  "lastModified": "2024-12-05T15:29:31.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "cybersecurity@hitachienergy.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-29T13:15:04.847",
  "references": [
    {
      "source": "cybersecurity@hitachienergy.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@hitachienergy.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "cybersecurity@hitachienergy.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-41156 (GCVE-0-2024-41156)

ICSA-24-317-02

GHSA-9XQP-XM5R-JJ9C

FKIE_CVE-2024-41156

Tags

Sightings

Nomenclature