Unauthorized Access Vulnerability in Energy Management Controller
CVE-2024-23783

8.8HIGH

Key Information:

Vendor: Sharp Corporation
Status: Energy Management Controller With Cloud Services
Vendor: CVE Published:; 14 February 2024

Summary

An improper authentication vulnerability exists in the Energy Management Controller with Cloud Services models JH-RVB1 and JH-RV11, specifically in version B0.1.9.1 and earlier. This flaw allows a network-adjacent attacker to bypass authentication mechanisms and gain unauthorized access to the device. The absence of stringent authentication protocols poses significant security risks, enabling potential intrusions that could compromise the integrity and functionality of the affected systems.

Affected Version(s)

Energy Management Controller with Cloud Services JH-RVB1 Ver.B0.1.9.1 and earlier

Energy Management Controller with Cloud Services JH-RV11 Ver.B0.1.9.1 and earlier

References

https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf

https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf

https://jvn.jp/en/vu/JVNVU94591337/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Jan 22, 2024