Lucene search

Hitachi EnergyCVE-2024-28023

HistoryJun 11, 2024 - 2:15 p.m.

CVE-2024-28023

2024-06-1114:15:10

CWE-259

Hitachi Energy

web.nvd.nist.gov

vulnerability

message queueing

resource exposure

arbitrary code execution

unintended actors

sensitive information

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability exists in the message queueing mechanism that if
exploited can lead to the exposure of resources or functionality to
unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FOXMAN-UN",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "FOXMAN-UN R16B PC2"
      },
      {
        "lessThanOrEqual": "FOXMAN-UN R16B PC4",
        "status": "unaffected",
        "version": "FOXMAN-UN R16B PC3",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15B PC4"
      },
      {
        "status": "unaffected",
        "version": "FOXMAN-UN R15B PC5"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "UNEM",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "UNEM R16B PC2"
      },
      {
        "lessThanOrEqual": "UNEM R16B PC4",
        "status": "unaffected",
        "version": "UNEM R16B PC3",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "UNEM R15B PC4"
      },
      {
        "status": "unaffected",
        "version": "UNEM R15B PC4"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true