CVE-2024-2462 - Vulnerability Details

Description

Allow attackers to intercept or falsify data exchanges between the client
and the server

Published: 2024-06-11

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi Energy

FOXMAN-UN

unaffected

Version	Status	Constraints
`0`	affected	≤ FOXMAN-UN R16B PC2
`FOXMAN-UN R16B PC3`	unaffected	—
`0`	affected	≤ FOXMAN-UN R15B PC4
`FOXMAN-UN R15B PC5`	unaffected	—
`FOXMAN-UN R16A`	affected	—
`FOXMAN-UN R15A`	affected	—

Hitachi Energy

FOX61x

unaffected

Version	Status	Constraints
`0`	affected	< FOX61x R16B
`FOX61x R16B`	unaffected	—

Hitachi Energy

FOXCST

unaffected

Version	Status	Constraints
`0`	affected	< FOXCST_16.2.1
`FOXCST_16.2.1`	unaffected	—

Hitachi Energy

UNEM

unaffected

Version	Status	Constraints
`0`	affected	≤ UNEM R16B PC2
`UNEM R16B PC3`	unaffected	—
`0`	affected	≤ UNEM R15B PC4
`UNEM R15B PC5`	unaffected	—
`UNEM R16A`	affected	—
`UNEM R15A`	affected	—

Hitachi Energy

XMC20

unaffected

Version	Status	Constraints
`R16B`	affected	—

Hitachi Energy

ECST

unaffected

Version	Status	Constraints
`ECST_16.2.1`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27411	Allow attackers to intercept or falsify data exchanges between the client and the server

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00137.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true

History

No history.

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2024-06-11T12:48:57.963Z

Updated: 2024-08-01T19:11:53.576Z

Reserved: 2024-03-14T17:09:59.755Z

Link: CVE-2024-2462

Vulnrichment

Updated: 2024-08-01T19:11:53.576Z

NVD

Status : Deferred

Published: 2024-06-11T13:15:49.910

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-2462

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-297

Tracking

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object