CVE-2024-2728 - Vulnerability Details - OpenCVE

Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Key SSVC decision points have not yet been added.

Vendors	Products
Atisoluciones	Ciges
Ciges	Cigesv2

Configuration 1 [-]

cpe:2.3:a:atisoluciones:ciges:2.0:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Ciges	Cigesv2

Advisories

Source	ID	Title
EUVD	EUVD-2024-27673	Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.

Fixes

Solution

All vulnerabilities have been fixed in the new product version, CIGESv3. The manufacturer has developed a patch for those customers who have not migrated to the new version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system

History

Wed, 15 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Atisoluciones Atisoluciones ciges
CPEs		cpe:2.3:a:atisoluciones:ciges:2.0:::::::*
Vendors & Products		Atisoluciones Atisoluciones ciges

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-03-22T13:37:23.204Z

Updated: 2024-08-01T19:25:41.209Z

Reserved: 2024-03-20T11:33:52.434Z

Link: CVE-2024-2728

Vulnrichment

Updated: 2024-08-01T19:25:41.209Z

NVD

Status : Analyzed

Published: 2024-03-22T14:15:10.807

Modified: 2025-10-15T18:02:43.317

Link: CVE-2024-2728

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:09:29Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2728", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-03-20T11:33:52.434Z", "datePublished": "2024-03-22T13:37:23.204Z", "dateUpdated": "2024-08-01T19:25:41.209Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CIGESv2", "vendor": "Ciges", "versions": [{"status": "affected", "version": "CIGESv2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Rub\u00e9n L\u00f3pez Herrera"}], "datePublic": "2024-03-22T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol."}], "value": "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-03-22T13:37:23.204Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All vulnerabilities have been fixed in the new product version, CIGESv3. The manufacturer has developed a patch for those customers who have not migrated to the new version."}], "value": "All vulnerabilities have been fixed in the new product version, CIGESv3. The manufacturer has developed a patch for those customers who have not migrated to the new version."}], "source": {"discovery": "UNKNOWN"}, "title": "Information exposure vulnerability in the CIGESv2 system", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T14:57:27.270821Z", "id": "CVE-2024-2728", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:52:26.237Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.209Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.209Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2728", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T14:57:27.270821Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:52:23.813Z"}}], "cna": {"title": "Information exposure vulnerability in the CIGESv2 system", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Rub\u00e9n L\u00f3pez Herrera"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ciges", "product": "CIGESv2", "versions": [{"status": "affected", "version": "CIGESv2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "All vulnerabilities have been fixed in the new product version, CIGESv3. The manufacturer has developed a patch for those customers who have not migrated to the new version.", "supportingMedia": [{"type": "text/html", "value": "All vulnerabilities have been fixed in the new product version, CIGESv3. The manufacturer has developed a patch for those customers who have not migrated to the new version.", "base64": false}]}], "datePublic": "2024-03-22T11:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.", "supportingMedia": [{"type": "text/html", "value": "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-03-22T13:37:23.204Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2728", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:25:41.209Z", "dateReserved": "2024-03-20T11:33:52.434Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-03-22T13:37:23.204Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atisoluciones:ciges:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B98131C-7B7E-4A5D-A1C0-B5597C729D64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el sistema CIGESv2. Esta vulnerabilidad podr\u00eda permitir que un atacante local intercepte el tr\u00e1fico debido a la falta de una implementaci\u00f3n adecuada del protocolo TLS."}], "id": "CVE-2024-2728", "lastModified": "2025-10-15T18:02:43.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-22T14:15:10.807", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}