CVE-2024-22028 - Vulnerability Details

Vendors	Products
3rrr-btob	3r-tmc01 3r-tmc01 Firmware 3r-tmc02 3r-tmc02 Firmware 3r-tmc03 3r-tmc03 Firmware 3r-tmc04 3r-tmc04 Firmware 3r-tmc05 3r-tmc05 Firmware 3r-tmc06 3r-tmc06 Firmware

Link	Providers
https://3rrr-btob.jp/archives/news/23624
https://jvn.jp/en/jp/JVN96240417/

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22028", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-04T02:17:28.653Z", "datePublished": "2024-01-15T06:53:27.089Z", "dateUpdated": "2024-08-01T22:35:34.809Z"}, "containers": {"cna": {"affected": [{"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC01", "versions": [{"version": "all firmware versions", "status": "affected"}]}, {"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC02", "versions": [{"version": "all firmware versions", "status": "affected"}]}, {"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC03", "versions": [{"version": "all firmware versions", "status": "affected"}]}, {"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC04", "versions": [{"version": "all firmware versions", "status": "affected"}]}, {"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC05", "versions": [{"version": "all firmware versions", "status": "affected"}]}, {"vendor": "THREE R SOLUTION CORP. JAPAN", "product": "3R-TMC06", "versions": [{"version": "all firmware versions", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data."}], "problemTypes": [{"descriptions": [{"description": "Insufficient verification of data authenticity", "lang": "en", "type": "text"}]}], "references": [{"url": "https://3rrr-btob.jp/archives/news/23624"}, {"url": "https://jvn.jp/en/jp/JVN96240417/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-01-15T06:53:27.089Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.809Z"}, "title": "CVE Program Container", "references": [{"url": "https://3rrr-btob.jp/archives/news/23624", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN96240417/", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-22028 (string)

assignerOrgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

state : PUBLISHED (string)

assignerShortName : jpcert (string)

dateReserved : 2024-01-04T02:17:28.653Z (string)

datePublished : 2024-01-15T06:53:27.089Z (string)

dateUpdated : 2024-08-01T22:35:34.809Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC01 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

1 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC02 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

2 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC03 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

3 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC04 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

4 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC05 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

5 : { »

vendor : THREE R SOLUTION CORP. JAPAN (string)

product : 3R-TMC06 (string)

versions : [ »

0 : { »

version : all firmware versions (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Insufficient verification of data authenticity (string)

lang : en (string)

type : text (string)

}

]

}

]

references : [ »

0 : { »

url : https://3rrr-btob.jp/archives/news/23624 (string)

}

1 : { »

url : https://jvn.jp/en/jp/JVN96240417/ (string)

}

]

providerMetadata : { »

orgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

shortName : jpcert (string)

dateUpdated : 2024-01-15T06:53:27.089Z (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T22:35:34.809Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://3rrr-btob.jp/archives/news/23624 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://jvn.jp/en/jp/JVN96240417/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc01_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "98EEB41C-0F8C-4A26-A3BC-60653B4502C5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc01:-:*:*:*:*:*:*:*", "matchCriteriaId": "4970BECE-6B13-42AA-A5CC-BA61156797C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc02_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68A50A1E-64DD-4C58-B9E5-35EE6CA14FDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc02:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCF69C40-D7BE-4CD1-840C-4D38D4098088", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc03_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFBC978F-3938-44BA-8434-DEB10DCE0C12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc03:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C7D526D-D539-4C5B-97CF-4BF42865FF9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc04_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F7B278-C4EA-4745-9CD8-31E3C8B182AB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc04:-:*:*:*:*:*:*:*", "matchCriteriaId": "338343F1-FCEF-457A-ABF7-4D0C1FE683D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc05_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB209B1E-0EA7-4055-8A83-C9E15D852780", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc05:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E1DF8-8C35-4AC0-B59A-F5ADE5319304", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3rrr-btob:3r-tmc06_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B0BD30-194A-4ED3-AAEF-75624FA9527C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:3rrr-btob:3r-tmc06:-:*:*:*:*:*:*:*", "matchCriteriaId": "582D63B0-129D-4C07-9336-F7E98748571E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data."}, {"lang": "es", "value": "Existe un problema de documentaci\u00f3n t\u00e9cnica insuficiente en todas las versiones de firmware de la c\u00e1mara t\u00e9rmica serie TMC. El usuario del producto afectado no conoce los datos guardados internamente. Al acceder f\u00edsicamente al producto afectado, un atacante puede recuperar los datos internos."}], "id": "CVE-2024-22028", "lastModified": "2024-11-21T08:55:25.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T07:15:09.507", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://3rrr-btob.jp/archives/news/23624"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN96240417/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://3rrr-btob.jp/archives/news/23624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN96240417/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc01_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 98EEB41C-0F8C-4A26-A3BC-60653B4502C5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc01:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4970BECE-6B13-42AA-A5CC-BA61156797C5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc02_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 68A50A1E-64DD-4C58-B9E5-35EE6CA14FDE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc02:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BCF69C40-D7BE-4CD1-840C-4D38D4098088 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc03_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DFBC978F-3938-44BA-8434-DEB10DCE0C12 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc03:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C7D526D-D539-4C5B-97CF-4BF42865FF9C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc04_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 32F7B278-C4EA-4745-9CD8-31E3C8B182AB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc04:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 338343F1-FCEF-457A-ABF7-4D0C1FE683D3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc05_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BB209B1E-0EA7-4055-8A83-C9E15D852780 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc05:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A6E1DF8-8C35-4AC0-B59A-F5ADE5319304 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:3rrr-btob:3r-tmc06_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 70B0BD30-194A-4ED3-AAEF-75624FA9527C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:3rrr-btob:3r-tmc06:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 582D63B0-129D-4C07-9336-F7E98748571E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data. (string)

}

1 : { »

lang : es (string)

value : Existe un problema de documentación técnica insuficiente en todas las versiones de firmware de la cámara térmica serie TMC. El usuario del producto afectado no conoce los datos guardados internamente. Al acceder físicamente al producto afectado, un atacante puede recuperar los datos internos. (string)

}

]

id : CVE-2024-22028 (string)

lastModified : 2024-11-21T08:55:25.737 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : PHYSICAL (string)

availabilityImpact : NONE (string)

baseScore : 4.6 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-01-15T07:15:09.507 (string)

references : [ »

0 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Product (string)

]

url : https://3rrr-btob.jp/archives/news/23624 (string)

}

1 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN96240417/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Product (string)

]

url : https://3rrr-btob.jp/archives/news/23624 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN96240417/ (string)

}

]

sourceIdentifier : vultures@jpcert.or.jp (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object