Lucene search

INCDVULNRICHMENT:CVE-2024-27774

HistoryMar 18, 2024 - 1:34 p.m.

CVE-2024-27774 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password

2024-03-1813:34:31

CWE-259

INCD

github.com

unitronics unistream unilogic

versions

cwe-259

use of hard-coded password

sensitive information

firmware

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Unitronics Unistream Unilogic – Versions prior to 1.35.227 -

CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device’s Firmware

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Unistream Unilogic",
    "vendor": "Unitronics ",
    "versions": [
      {
        "lessThan": "1.35.227",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered

www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-27774