FKIE_CVE-2024-2012

Vulnerability from fkie_nvd - Published: 2024-06-11 14:15 - Updated: 2024-11-21 09:08
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior
References
cybersecurity@hitachienergy.comhttps://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=trueVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=trueVendor Advisory
Impacted products
Vendor Product Version
hitachienergy foxman-un r15a
hitachienergy foxman-un r15b
hitachienergy foxman-un r16a
hitachienergy foxman-un r16b
hitachienergy unem r15a
hitachienergy unem r15b
hitachienergy unem r15b
hitachienergy unem r16a
hitachienergy unem r16b
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7593C74-2882-45D3-AB32-3A45E3AECAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*",
              "matchCriteriaId": "7BFAA55C-0815-4ACA-A649-F1F910411885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE987B2-0620-44BB-AEA7-4E20CBE44822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*",
              "matchCriteriaId": "A2009AD7-6DF9-4DFC-B9F2-8632AC037A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*",
              "matchCriteriaId": "73AAF812-D503-4672-98A7-53C332317A30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*",
              "matchCriteriaId": "3071C1DE-77EE-4B40-A382-19A97770D49B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*",
              "matchCriteriaId": "D83E9A04-633A-493B-BD7A-ED28B88A521D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM API Gateway que, si se explota, un atacante podr\u00eda usar para permitir que se ejecuten comandos o c\u00f3digos no deseados en el servidor UNEM, lo que permitir\u00eda leer o modificar datos confidenciales o podr\u00eda causar otro comportamiento no deseado."
    }
  ],
  "id": "CVE-2024-2012",
  "lastModified": "2024-11-21T09:08:48.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "cybersecurity@hitachienergy.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-11T14:15:11.273",
  "references": [
    {
      "source": "cybersecurity@hitachienergy.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "sourceIdentifier": "cybersecurity@hitachienergy.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "cybersecurity@hitachienergy.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.