CVE-2024-1532

EPSS 0.02%
Published 27.03.2024 03:15:10
Last modified 21.11.2024 08:50:46
Source cybersecurity@hitachienergy.co
Teams watchlist Login
Open Login

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorHitachi Energy

≫

Product RTU500 series CMU firmware

Default Statusunaffected

Version <= 12.0.14

Version 12.0.1

Status affected

Version <= 12.2.11

Version 12.2.1

Status affected

Version <= 12.4.11

Version 12.4.1

Status affected

Version <= 12.6.9

Version 12.6.1

Status affected

Version <= 12.7.6

Version 12.7.1

Status affected

Version <= 13.2.6

Version 13.2.1

Status affected

Version <= 13.4.4

Version 13.4.1

Status affected

Version <= 13.5.3

Version 13.5.1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cybersecurity@hitachienergy.com	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true

https://nvd.nist.gov/vuln/detail/CVE-2024-1532

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1532

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1532

EUVD