CVE-2024-2377 - Vulnerability Details - OpenCVE

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00073.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27330	A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2024-04-30T12:55:20.956Z

Updated: 2024-08-01T19:11:53.467Z

Reserved: 2024-03-11T14:03:45.510Z

Link: CVE-2024-2377

Vulnrichment

Updated: 2024-08-01T19:11:53.467Z

NVD

Status : Awaiting Analysis

Published: 2024-04-30T13:15:46.830

Modified: 2024-11-21T09:09:37.327

Link: CVE-2024-2377

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2377", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2024-03-11T14:03:45.510Z", "datePublished": "2024-04-30T12:55:20.956Z", "dateUpdated": "2024-08-01T19:11:53.467Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SDM600", "vendor": "Hitachi Energy", "versions": [{"lessThan": "1.3.4", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "1.3.4.572"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."}], "value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2024-04-30T12:55:20.956Z"}, "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T14:38:02.963543Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:hitachienergy:sdm600:-:*:*:*:*:*:*:*"], "vendor": "hitachienergy", "product": "sdm600", "versions": [{"status": "affected", "version": "-", "lessThan": "1.3.4.572", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:30:39.392Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.467Z"}, "title": "CVE Program Container", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.467Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T14:38:02.963543Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:hitachienergy:sdm600:-:*:*:*:*:*:*:*"], "vendor": "hitachienergy", "product": "sdm600", "versions": [{"status": "affected", "version": "-", "lessThan": "1.3.4.572", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T14:40:03.757Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "SDM600", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.4", "versionType": "custom"}, {"status": "unaffected", "version": "1.3.4.572"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2024-04-30T12:55:20.956Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2377", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.467Z", "dateReserved": "2024-03-11T14:03:45.510Z", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "datePublished": "2024-04-30T12:55:20.956Z", "assignerShortName": "Hitachi Energy"}, "dataVersion": "5.1"}