Improper validation of certificate with host mismatch in Hitachi Energy products - CVE-2024-2462

 


Published: March 5, 2025


Vulnerability identifier: #VU105349
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-2462
CWE-ID: CWE-297
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Hitachi Energy
Affected software:
UNEM
ECST
XMC20

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper validation of a certificate with a host mismatch. An attacker with physical access can intercept or falsify data exchanges between the client and the server.
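
What the missing check amounts to, as an added example that is not Hitachi Energy code and not taken from the advisory. The page does not say which TLS stack UNEM, ECST or XMC20 use, so Python's `ssl` module stands in, and the host names and helper functions are constructed for illustration.

```python
import ssl

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against the host the client dialed (RFC 6125 style).
    IP addresses are out of scope: they are matched against iPAddress SANs."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                 # a wildcard never spans several labels
    if any("*" in label for label in p[1:]) or p[1:] != h[1:]:
        return False                 # wildcard only allowed in the left-most label
    if p[0] == "*":
        return len(p) >= 3           # refuse over-broad patterns such as "*.test"
    return "*" not in p[0] and p[0] == h[0]   # partial wildcards rejected

def cert_valid_for(san_dns_names, hostname: str) -> bool:
    """True only if at least one SAN entry names the host that was dialed."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names)

def weak_context() -> ssl.SSLContext:
    """CWE-297 pattern: the chain is verified, the name in the certificate is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def strict_context() -> ssl.SSLContext:
    """Library defaults: CERT_REQUIRED plus hostname checking."""
    return ssl.create_default_context()

def context_findings(ctx: ssl.SSLContext) -> list:
    """Configuration review of a client context before it is used."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked (CWE-297)")
    return findings

if __name__ == "__main__":
    sans = ["nms.example.test", "*.plant.example.test"]   # constructed SAN list
    for host in ("nms.example.test", "ne1.plant.example.test", "other.example.test"):
        print(host, cert_valid_for(sans, host))
    print(context_findings(weak_context()), context_findings(strict_context()))
```

A context that passes `context_findings` with an empty list rejects a chain-valid certificate issued for a different host, which is the case the weak configuration lets through.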


How to mitigate CVE-2024-2462

Install updates from the vendor's website.
