CVE-2024-41156
Oct. 31, 2024, 2:49 p.m.
Tags
CVSS Score
Products Impacted
| Vendor | Product | Versions |
|---|---|---|
| hitachienergy |
|
|
Description
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access.
Weaknesses
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
CWE ID: 212Date
Published: Oct. 29, 2024, 1:15 p.m.
Last Modified: Oct. 31, 2024, 2:49 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cybersecurity@hitachienergy.com
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | hitachienergy | tro610_firmware | / | / | / | / | / | / | / | / |
| h | hitachienergy | tro610 | - | / | / | / | / | / | / | / |
| o | hitachienergy | tro620_firmware | / | / | / | / | / | / | / | / |
| h | hitachienergy | tro620 | - | / | / | / | / | / | / | / |
| o | hitachienergy | tro670_firmware | / | / | / | / | / | / | / | / |
| h | hitachienergy | tro670 | - | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N