Lucene search

Hitachi EnergyVULNRICHMENT:CVE-2024-2011

HistoryJun 11, 2024 - 1:24 p.m.

CVE-2024-2011

2024-06-1113:24:58

CWE-122

Hitachi Energy

github.com

buffer overflow

foxman-un/unem

denial of service

arbitrary code execution

security policy

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that
if exploited will generally lead to a denial of service but can be used
to execute arbitrary code, which is usually outside the scope of a
program’s implicit security policy

CNA Affected

[
  {
    "vendor": "Hitachi Energy",
    "product": "FOXMAN-UN",
    "versions": [
      {
        "status": "affected",
        "version": "FOXMAN-UN R16B PC2",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "FOXMAN-UN R16B PC3",
        "versionType": "custom",
        "lessThanOrEqual": "FOXMAN-UN R16B PC4"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15B PC4",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "FOXMAN-UN R16B PC5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R16A"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15A"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Hitachi Energy",
    "product": "UNEM",
    "versions": [
      {
        "status": "affected",
        "version": "UNEM R16B PC2",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "UNEM R16B PC3",
        "versionType": "custom",
        "lessThanOrEqual": "UNEM R16B PC4"
      },
      {
        "status": "affected",
        "version": "UNEM R15B PC4",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "UNEM R16B PC5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "UNEM R16A"
      },
      {
        "status": "affected",
        "version": "UNEM R15A"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-2011