Insufficient Technical Documentation in THREE R SOLUTION products - CVE-2024-22028

 

Insufficient Technical Documentation in THREE R SOLUTION products - CVE-2024-22028

Published: January 16, 2024


Vulnerability identifier: #VU85428
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-22028
CWE-ID: CWE-1059
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: THREE R SOLUTION
Affected software:
3R-TMC01
3R-TMC02
3R-TMC03
3R-TMC04
3R-TMC05
3R-TMC06

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient technical documentation. An authenticated attacker with physical access can gain unauthorized access to sensitive information on the system.


How to mitigate CVE-2024-22028

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources