Potential Privilege Escalation Vulnerability in SDM600 HTTP Response Header Settings
CVE-2024-2377

7.6HIGH

Key Information:

Vendor: Hitachi
Status: Sdm600
Vendor: CVE Published:; 30 April 2024

What is CVE-2024-2377?

The SDM600 by Hitachi Energy contains a vulnerability stemming from overly permissive settings in the HTTP response headers. This flaw allows attackers to exploit the configuration, potentially enabling them to perform unauthorized actions or access sensitive information within the server. Properly configuring the web server settings is essential to mitigate the risk associated with this vulnerability and to ensure the security of the deployed system.

Affected Version(s)

SDM600 0 < 1.3.4

SDM600 1.3.4.572

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2024
Vulnerability Reserved
Mar 11, 2024