Lucene search

JpcertCVE-2024-23847

HistoryMay 31, 2024 - 6:15 a.m.

CVE-2024-23847

2024-05-3106:15:10

CWE-276

jpcert

web.nvd.nist.gov

cve-2024-23847

unifier

unifier cast

default permissions

arbitrary code execution

localsystem privilege

malicious program

data modification

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch “20240527” not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.

Affected configurations

Vulners

Vulnrichment

Node

yokogawa_rental_\&_lease_corporationunifierMatch.5.0

yokogawa_rental_\&_lease_corporationunifierMatch20240527

yokogawa_rental_\&_lease_corporationunifier_castMatch.5.0

yokogawa_rental_\&_lease_corporationunifier_castMatch20240527

VendorProductVersionCPE
yokogawa_rental_\&_lease_corporationunifier.5.0cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier:.5.0:*:*:*:*:*:*:*
yokogawa_rental_\&_lease_corporationunifier20240527cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier:20240527:*:*:*:*:*:*:*
yokogawa_rental_\&_lease_corporationunifier_cast.5.0cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier_cast:.5.0:*:*:*:*:*:*:*
yokogawa_rental_\&_lease_corporationunifier_cast20240527cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier_cast:20240527:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa_rental_\&_lease_corporation	unifier	.5.0	cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier:.5.0:::::::*
yokogawa_rental_\&_lease_corporation	unifier	20240527	cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier:20240527:::::::*
yokogawa_rental_\&_lease_corporation	unifier_cast	.5.0	cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier_cast:.5.0:::::::*
yokogawa_rental_\&_lease_corporation	unifier_cast	20240527	cpe:2.3:a:yokogawa_rental_\&_lease_corporation:unifier_cast:20240527:::::::*

CNA Affected

[
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier Cast ",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN17680667/

www.yrl.com/fwp_support/info/khvu7f00000000q7.html

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-23847