Japan Vulnerability NotesJVN:17680667JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below.
Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847Missing Authorization for coejobhook Command Execution (CWE-862) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-36246
Impact
An arbitrary code may be executed with LocalSystem privilege.
As a result, a malicious program may be installed, data may be modified or deleted.
Solution
Apply the patch
Apply the patch according to the information provided by the developer.
For more information, refer to the information provided by the developer.
Products Affected
- Unifier Version.5.0 or later, and the patch “20240527” not applied
- Unifier Cast Version.5.0 or later, and the patch “20240527” not applied
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%