CVE-2024-2011 - Vulnerability Details

Description

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that
if exploited will generally lead to a denial of service but can be used
to execute arbitrary code, which is usually outside the scope of a
program's implicit security policy

Published: 2024-06-11

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi Energy

FOXMAN-UN

unaffected

Version	Status	Constraints
`FOXMAN-UN R16B PC2`	affected	—
`FOXMAN-UN R16B PC3`	unaffected	≤ FOXMAN-UN R16B PC4
`FOXMAN-UN R15B PC4`	affected	—
`FOXMAN-UN R16B PC5`	unaffected	—
`FOXMAN-UN R16A`	affected	—
`FOXMAN-UN R15A`	affected	—

Hitachi Energy

UNEM

unaffected

Version	Status	Constraints
`UNEM R16B PC2`	affected	—
`UNEM R16B PC3`	unaffected	≤ UNEM R16B PC4
`UNEM R15B PC4`	affected	—
`UNEM R16B PC5`	unaffected	—
`UNEM R16A`	affected	—
`UNEM R15A`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2::::::
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-26981	A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00497.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

History

Thu, 15 Aug 2024 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachienergy Hitachienergy foxman-un Hitachienergy unem
Weaknesses		CWE-787
CPEs		cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:::::: cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:::::: cpe:2.3:a:hitachienergy:unem:r15a:::::::* cpe:2.3:a:hitachienergy:unem:r15b:pc4:::::: cpe:2.3:a:hitachienergy:unem:r16a:::::::* cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::
Vendors & Products		Hitachienergy Hitachienergy foxman-un Hitachienergy unem

Subscriptions

Hitachienergy Foxman-un Unem

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2024-06-11T13:24:58.764Z

Updated: 2024-08-01T18:56:22.675Z

Reserved: 2024-02-29T13:42:05.971Z

Link: CVE-2024-2011

Vulnrichment

Updated: 2024-08-01T18:56:22.675Z

NVD

Status : Modified

Published: 2024-06-11T14:15:11.050

Modified: 2024-11-21T09:08:48.397

Link: CVE-2024-2011

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object