CVE-2024-2461 (GCVE-0-2024-2461)
Vulnerability from cvelistv5
Published
2024-06-11 12:57
Modified
2024-08-01 19:11
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE
  • CWE-23 - Relative Path Traversal
Summary
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
References
Impacted products
Vendor Product Version
Hitachi Energy FOX61x Version: 0   <
Patch: FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
Version: FOX61x R15B   <
Version: FOX61x R16A
Version: FOX61x R15A
 Create a notification for this product.
   Hitachi Energy XMC20 Version: 0   <
Patch: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)
Version: XMC20 R15B   <
Patch: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)
Version: XMC20 R16A   <
Version: XMC20 R15A   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T13:58:39.472974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T13:58:58.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOX61x",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOX61x R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
            },
            {
              "status": "affected",
              "version": "FOX61x R16A"
            },
            {
              "status": "affected",
              "version": "FOX61x R15A"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XMC20",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R16A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
            }
          ],
          "value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T12:57:04.498Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2461",
    "datePublished": "2024-06-11T12:57:04.498Z",
    "dateReserved": "2024-03-14T17:09:59.168Z",
    "dateUpdated": "2024-08-01T19:11:53.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2461\",\"sourceIdentifier\":\"cybersecurity@hitachienergy.com\",\"published\":\"2024-06-11T13:15:49.750\",\"lastModified\":\"2024-11-21T09:09:48.013\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If exploited an attacker could traverse the file system to access \\nfiles or directories that would otherwise be inaccessible\"},{\"lang\":\"es\",\"value\":\"Si es explotado, un atacante podr\u00eda atravesar el sistema de archivos para acceder a archivos o directorios que de otro modo ser\u00edan inaccesibles.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]}],\"references\":[{\"url\":\"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true\",\"source\":\"cybersecurity@hitachienergy.com\"},{\"url\":\"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:11:53.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T13:58:39.472974Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T13:58:53.155Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Energy\", \"product\": \"FOX61x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)\"}, {\"status\": \"unaffected\", \"version\": \"FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"FOX61x R15B\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)\"}, {\"status\": \"affected\", \"version\": \"FOX61x R16A\"}, {\"status\": \"affected\", \"version\": \"FOX61x R15A\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Hitachi Energy\", \"product\": \"XMC20\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)\"}, {\"status\": \"unaffected\", \"version\": \"XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"XMC20 R15B\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"XMC20 R16A\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"XMC20 R15A\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"If exploited an attacker could traverse the file system to access \\nfiles or directories that would otherwise be inaccessible\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nIf exploited an attacker could traverse the file system to access \\nfiles or directories that would otherwise be inaccessible\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23 Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"shortName\": \"Hitachi Energy\", \"dateUpdated\": \"2024-06-11T12:57:04.498Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2461\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T19:11:53.616Z\", \"dateReserved\": \"2024-03-14T17:09:59.168Z\", \"assignerOrgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"datePublished\": \"2024-06-11T12:57:04.498Z\", \"assignerShortName\": \"Hitachi Energy\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.