Main Vulnerability Database Vulnerabilities #VU105349

#VU105349 Improper validation of certificate with host mismatch in Hitachi Energy products - CVE-2024-2462

Published: March 5, 2025

Vulnerability identifier: #VU105349

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-2462

CWE-ID: CWE-297

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
UNEM
ECST
XMC20

Software vendor:
Hitachi Energy

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper validation of certificate with host mismatch. An attacker with physical access can intercept or falsify data exchanges between the client and the server.

Remediation

Install updates from vendor's website.

External links

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05

#VU105349 Improper validation of certificate with host mismatch in Hitachi Energy products - CVE-2024-2462

Description

Remediation

External links

Please verify you're human