Heap-Based Buffer Overflow Vulnerability in FOXMAN-UN/UNEM Could Lead to Denial of Service or Arbitrary Code Execution
CVE-2024-2011

9.8CRITICAL

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-2011?

A serious heap-based buffer overflow vulnerability exists in the FOXMAN-UN and UNEM products from Hitachi Energy. This flaw, if exploited, could lead to denial of service for applications utilizing these products. Additionally, attackers could potentially execute arbitrary code, which poses a significant risk as it may operate outside the program's security policies. Special precautions are recommended to mitigate potential exploitation of this vulnerability.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B PC2

FOXMAN-UN FOXMAN-UN R15B PC4

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Feb 29, 2024