SecuriTricks - CVE-2024-41156

Description

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access.

Product(s) Impacted

Vendor	Product	Versions
Hitachienergy	Tro610 Firmware Tro610 Tro620 Firmware Tro620 Tro670 Firmware Tro670	* - * - * -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	hitachienergy	tro610_firmware	/	/	/	/	/	/	/	/
h	hitachienergy	tro610	-	/	/	/	/	/	/	/
o	hitachienergy	tro620_firmware	/	/	/	/	/	/	/	/
h	hitachienergy	tro620	-	/	/	/	/	/	/	/
o	hitachienergy	tro670_firmware	/	/	/	/	/	/	/	/
h	hitachienergy	tro670	-	/	/	/	/	/	/	/

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: Oct. 29, 2024, 1:15 p.m.
Last Modified: Oct. 31, 2024, 2:49 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cybersecurity@hitachienergy.com

CVE-2024-41156