CVE-2024-2378

Published: Apr 30, 2024Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 6.0

Source: cybersecurity@hitachienergy.com (Secondary)

Description

A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true

Source: cybersecurity@hitachienergy.com

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.