mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 09:12:00 +00:00
98 lines
3.4 KiB
JSON
98 lines
3.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-2617",
|
|
"ASSIGNER": "cybersecurity@hitachienergy.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "\nA vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a\nmalicious actor successfully exploits this vulnerability, they\ncould use it to update the RTU500 with unsigned firmware.\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Hitachi Energy",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "RTU500 series CMU firmware",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "13.2.1",
|
|
"version_value": "13.2.7"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "13.4.1",
|
|
"version_value": "13.4.4"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "13.5.1",
|
|
"version_value": "13.5.3"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true",
|
|
"refsource": "MISC",
|
|
"name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.2,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |