CVE-2024-2011 CRITICAL

Published: 2024-06-11 | Last Modified: 2024-11-21 | Status: Modified

Description

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy

Additional Descriptions (1)

Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fuera del alcance de la política de seguridad implícita de un programa.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-122
[email protected]	Primary	en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	foxman-un	r15a	<built-in method update of dict object at 0x72a9b0b6af40>	Application
hitachienergy	foxman-un	r15b	<built-in method update of dict object at 0x72a9ccd2bfc0>	Application
hitachienergy	foxman-un	r16a	<built-in method update of dict object at 0x72a9ccd29000>	Application
hitachienergy	foxman-un	r16b	<built-in method update of dict object at 0x72a9ccf9f300>	Application
hitachienergy	unem	r15a	<built-in method update of dict object at 0x72a9b0b6b1c0>	Application
hitachienergy	unem	r15b	<built-in method update of dict object at 0x72a9b0904e40>	Application
hitachienergy	unem	r16a	<built-in method update of dict object at 0x72a9ccd29c80>	Application
hitachienergy	unem	r16b	<built-in method update of dict object at 0x72a9b0906b80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4::::::`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2::::::`
Yes	`cpe:2.3:a:hitachienergy:unem:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r15b:pc4::::::`
Yes	`cpe:2.3:a:hitachienergy:unem:r16a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::`

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
Source: [email protected]

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
Source: [email protected]

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory