CVE-2024-41156

EPSS 0.07%
Veröffentlicht 29.10.2024 13:15:04
Zuletzt bearbeitet 05.12.2024 15:29:31
Quelle cybersecurity@hitachienergy.co
CVE-Watchlists
Login
Unerledigt
Login

Profile files from TRO600 series radios are extracted in plain-text
and encrypted file formats. Profile files provide potential attackers
valuable configuration information about the Tropos network. Profiles
can only be exported by authenticated users with higher privilege of write access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hitachienergy ≫ Tro610 Firmware Version >= 9.1.0.0 < 9.2.0.5

Hitachienergy ≫ Tro610 Version-

Hitachienergy ≫ Tro620 Firmware Version >= 9.1.0.0 < 9.2.0.5

Hitachienergy ≫ Tro620 Version-

Hitachienergy ≫ Tro670 Firmware Version >= 9.1.0.0 < 9.2.0.5

Hitachienergy ≫ Tro670 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
cybersecurity@hitachienergy.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41156

EUVD