1. EXECUTIVE SUMMARY
- CVSS v4 6.8
- ATTENTION: Low Attack Complexity
- Vendor: Hitachi Energy
- Equipment: XMC20, ECST, UNEM
- Vulnerability: Improper Validation of Certificate with Host Mismatch
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
- XMC20: Versions prior to R16B
- ECST: Versions prior to 16.2.1
- UNEM: Versions prior to R15A
- UNEM: R15A
- UNEM: R15B PC4 and prior
- UNEM: R16A
- UNEM: R16B PC2 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297
Hitachi Energy is aware of a vulnerability that affects the ECST client application which if exploited could allow attackers to intercept or falsify data exchanges between the client and the server.
CVE-2024-2462 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-2462. A base score of 6.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS:
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: