IronMonkey Threat Research

CVE-2024-2012 CRITICAL

Published: 2024-06-11 | Last Modified: 2024-11-21 | Status: Modified

Description

A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, an attacker could use to allow unintended commands or code to be executed on the UNEM server, allowing sensitive data to be read or modified, or could cause other unintended behavior.

Additional Descriptions (1)

A vulnerability exists in the FOXMAN-UN/UNEM server API Gateway that, if exploited, an attacker could use to allow unintended commands or code to be executed on the UNEM server, which would allow sensitive data to be read or modified or could cause other unintended behavior.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Secondary CWE-288 (en)
[email protected] Primary NVD-CWE-noinfo (en)

Affected Products

Vendor Product Version Update Type
hitachienergy foxman-un r15a * Application
hitachienergy foxman-un r15b pc4 Application
hitachienergy foxman-un r16a * Application
hitachienergy foxman-un r16b pc2 Application
hitachienergy unem r15a * Application
hitachienergy unem r15b pc4 Application
hitachienergy unem r15b pc5 Application
hitachienergy unem r16a * Application
hitachienergy unem r16b pc2 Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15b:pc4:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15b:pc5:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16b:pc2:*:*:*:*:*:*