CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28022
https://notcve.org/view.php?id=CVE-2024-28022
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. Existe una vulnerabilidad en el servidor/APIGateway de FOXMAN-UN/UNEM que, si se explota, permite a un usuario malintencionado realizar un número arbitrario de intentos de autenticación utilizando diferentes contraseñas y, finalmente, obtener acceso a la cuenta objetivo. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2617
https://notcve.org/view.php?id=CVE-2024-2617
A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. Existe una vulnerabilidad en el RTU500 que permite a los usuarios autenticados y autorizados omitir la actualización segura. Si un actor malintencionado aprovecha con éxito esta vulnerabilidad, podría usarla para actualizar el RTU500 con firmware sin firmar. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2377
https://notcve.org/view.php?id=CVE-2024-2377
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information. Existe una vulnerabilidad en la configuración del servidor web del encabezado de respuesta HTTP demasiado permisiva del SDM600. Un atacante puede aprovechar esto y posiblemente realizar acciones privilegiadas y acceder a información confidencial. • https://github.com/Verrideo/CVE-2024-23774 https://github.com/Verrideo/CVE-2024-23773 https://github.com/Verrideo/CVE-2024-23772 https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true • CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2097
https://notcve.org/view.php?id=CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. El cliente de control de lista autenticado puede ejecutar la consulta LINQ en el servidor SCM para presentar el evento como una lista para el operador. Un cliente malicioso autenticado puede enviar una consulta LINQ especial para ejecutar código arbitrario de forma remota (RCE) en el servidor SCM para lo cual, de otro modo, un atacante no tendría autorización. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0400
https://notcve.org/view.php?id=CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. El software SCM es una aplicación cliente y servidor. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •