Vulnerability-Lookup

GHSA-MP2W-FJQ2-347V

Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-06-11 15:31

Details

A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

Severity

5.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-28023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-259"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T14:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive infor\u0002mation or even execute arbitrary code.",
  "id": "GHSA-mp2w-fjq2-347v",
  "modified": "2024-06-11T15:31:14Z",
  "published": "2024-06-11T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28023"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-28023 (GCVE-0-2024-28023)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:55 – Updated: 2024-08-02 00:48

Summary

Severity

5.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-259 - Use of Hard-coded Password

Assigner

Hitachi Energy

References

1 reference

URL	Tags
https://publisher.hitachienergy.com/preview?Docum…

Impacted products

2 products

Vendor	Product	Version
Hitachi Energy	FOXMAN-UN	Affected: FOXMAN-UN R16B PC2 Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 Unaffected: FOXMAN-UN R15B PC5
Hitachi Energy	UNEM	Affected: UNEM R16B PC2 Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 Unaffected: UNEM R15B PC4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T15:40:34.740767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T15:15:53.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:47.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4"
            },
            {
              "status": "unaffected",
              "version": "UNEM R15B PC4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.\n\n\n"
            }
          ],
          "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:05:56.127Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-28023",
    "datePublished": "2024-06-11T13:55:56.127Z",
    "dateReserved": "2024-02-29T13:42:00.746Z",
    "dateUpdated": "2024-08-02T00:48:47.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-MP2W-FJQ2-347V

CVE-2024-28023 (GCVE-0-2024-28023)

Tags

Sightings

Nomenclature