9.8

CVE-2024-2012

EPSS 0.31%
Veröffentlicht 11.06.2024 14:15:11
Zuletzt bearbeitet 21.11.2024 09:08:48
Quelle cybersecurity@hitachienergy.co
CVE-Watchlists
Login
Unerledigt
Login

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or 
code to be executed on the UNEM server allowing sensitive data to 
be read or modified or could cause other unintended behavior

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hitachienergy ≫ Foxman-un Versionr15a

Hitachienergy ≫ Foxman-un Versionr15b Updatepc4

Hitachienergy ≫ Foxman-un Versionr16a

Hitachienergy ≫ Foxman-un Versionr16b Updatepc2

Hitachienergy ≫ Unem Versionr15a

Hitachienergy ≫ Unem Versionr15b Updatepc4

Hitachienergy ≫ Unem Versionr15b Updatepc5

Hitachienergy ≫ Unem Versionr16a

Hitachienergy ≫ Unem Versionr16b Updatepc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.534

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cybersecurity@hitachienergy.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2012

EUVD