Sensitivity of Profile File Handling in Tropos Radios from Hitachi Energy
CVE-2024-41156

2.7LOW

Key Information:

Vendor: Hitachi
Status: Tro610 Firmware
Vendor: CVE Published:; 29 October 2024

What is CVE-2024-41156?

The vulnerability concerns profile files associated with the TRO600 series radios from Hitachi Energy, which can be extracted in both plain-text and encrypted formats. These profile files contain critical configuration details about the Tropos network that could be leveraged by potential attackers. Although only authenticated users with elevated privileges can export these files, the risk lies in the potential for unauthorized access if security measures are not robustly implemented. Implementing strong data protection protocols is essential to prevent leakage of sensitive information.

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2024