{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23847", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-23T07:00:54.325Z", "datePublished": "2024-05-31T06:11:15.428Z", "dateUpdated": "2024-08-01T23:13:08.240Z"}, "containers": {"cna": {"affected": [{"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier", "versions": [{"version": "Version.5.0 or later", "status": "affected"}, {"version": " and the patch \"20240527\" not applied", "status": "affected"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast ", "versions": [{"version": "Version.5.0 or later", "status": "affected"}, {"version": " and the patch \"20240527\" not applied", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch \"20240527\" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Default Permissions", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"url": "https://jvn.jp/en/jp/JVN17680667/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-31T06:11:15.428Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "yokogawa_rental_lease_corporation", "product": "unifier", "cpes": ["cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0", "status": "affected", "lessThan": "5.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T18:05:15.775654Z", "id": "CVE-2024-23847", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T18:24:08.424Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.240Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN17680667/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23847", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-23T07:00:54.325Z", "datePublished": "2024-05-31T06:11:15.428Z", "dateUpdated": "2024-06-06T18:24:08.424Z"}, "containers": {"cna": {"affected": [{"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier", "versions": [{"version": "Version.5.0 or later", "status": "affected"}, {"version": " and the patch \"20240527\" not applied", "status": "affected"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast ", "versions": [{"version": "Version.5.0 or later", "status": "affected"}, {"version": " and the patch \"20240527\" not applied", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch \"20240527\" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Default Permissions", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"url": "https://jvn.jp/en/jp/JVN17680667/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-31T06:11:15.428Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23847", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-06T18:05:15.775654Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"], "vendor": "yokogawa_rental_lease_corporation", "product": "unifier", "versions": [{"status": "affected", "version": "5.0", "lessThan": "5.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T18:24:03.526Z"}}]}}

{"descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch \"20240527\" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted."}, {"lang": "es", "value": "Existe un problema de permisos predeterminados incorrectos en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos."}], "id": "CVE-2024-23847", "lastModified": "2024-11-21T08:58:32.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-31T06:15:10.070", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN17680667/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/jp/JVN17680667/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}