CVE-2024-23783 - OpenCVE

Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sharp	Jh-rv11 Jh-rv11 Firmware Jh-rvb1 Jh-rvb1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:jh-rvb1:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:jh-rv11:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf
https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf
https://jvn.jp/en/vu/JVNVU94591337/

History

Thu, 17 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sharp Sharp jh-rv11 Sharp jh-rv11 Firmware Sharp jh-rvb1 Sharp jh-rvb1 Firmware
Weaknesses		CWE-306
CPEs		cpe:2.3:h:sharp:jh-rv11:::::::: cpe:2.3:h:sharp:jh-rvb1:::::::: cpe:2.3:o:sharp:jh-rv11_firmware:::::::: cpe:2.3:o:sharp:jh-rvb1_firmware::::::::
Vendors & Products		Sharp Sharp jh-rv11 Sharp jh-rv11 Firmware Sharp jh-rvb1 Sharp jh-rvb1 Firmware
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-02-14T10:02:32.489Z

Updated: 2024-08-14T19:11:47.250Z

Reserved: 2024-01-22T09:56:37.454Z

Link: CVE-2024-23783

Vulnrichment

Updated: 2024-08-01T23:13:08.085Z

NVD

Status : Analyzed

Published: 2024-02-14T10:15:08.540

Modified: 2024-10-17T15:13:49.793

Link: CVE-2024-23783

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23783", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-22T09:56:37.454Z", "datePublished": "2024-02-14T10:02:32.489Z", "dateUpdated": "2024-08-14T19:11:47.250Z"}, "containers": {"cna": {"affected": [{"vendor": "SHARP CORPORATION", "product": "Energy Management Controller with Cloud Services", "versions": [{"version": "JH-RVB1 Ver.B0.1.9.1 and earlier", "status": "affected"}]}, {"vendor": "SHARP CORPORATION", "product": "Energy Management Controller with Cloud Services", "versions": [{"version": "JH-RV11 Ver.B0.1.9.1 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication."}], "problemTypes": [{"descriptions": [{"description": "Improper authentication", "lang": "en", "type": "text"}]}], "references": [{"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"}, {"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"}, {"url": "https://jvn.jp/en/vu/JVNVU94591337/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-02-14T10:02:32.489Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.085Z"}, "title": "CVE Program Container", "references": [{"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU94591337/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T19:11:37.699842Z", "id": "CVE-2024-23783", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:11:47.250Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23783", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-22T09:56:37.454Z", "datePublished": "2024-02-14T10:02:32.489Z", "dateUpdated": "2024-08-14T19:11:47.250Z"}, "containers": {"cna": {"affected": [{"vendor": "SHARP CORPORATION", "product": "Energy Management Controller with Cloud Services", "versions": [{"version": "JH-RVB1 Ver.B0.1.9.1 and earlier", "status": "affected"}]}, {"vendor": "SHARP CORPORATION", "product": "Energy Management Controller with Cloud Services", "versions": [{"version": "JH-RV11 Ver.B0.1.9.1 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication."}], "problemTypes": [{"descriptions": [{"description": "Improper authentication", "lang": "en", "type": "text"}]}], "references": [{"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"}, {"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"}, {"url": "https://jvn.jp/en/vu/JVNVU94591337/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-02-14T10:02:32.489Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.085Z"}, "title": "CVE Program Container", "references": [{"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf", "tags": ["x_transferred"]}, {"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU94591337/", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23783", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T19:11:37.699842Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:11:42.963Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7EC16DF-21FB-473F-8F62-DDBF1C149A9B", "versionEndIncluding": "b0.1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:jh-rvb1:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE2814EB-D067-4920-A450-4F90431EA461", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0A2340C-A0BC-4DD5-A120-F7041D76D776", "versionEndIncluding": "b0.1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:jh-rv11:*:*:*:*:*:*:*:*", "matchCriteriaId": "C13F6906-8ED6-40DE-8B18-260B7765C4A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication."}, {"lang": "es", "value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en Energy Management Controller con servicios en la nube JH-RVB1 /JH-RV11 Ver.B0.1.9.1 y anteriores permite que un atacante no autenticado adyacente a la red acceda al producto afectado sin autenticaci\u00f3n."}], "id": "CVE-2024-23783", "lastModified": "2024-10-17T15:13:49.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T10:15:08.540", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94591337/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}