Improper validation of certificate with host mismatch in Hitachi Energy UNEM, ECST and XMC20
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-2462 |
| CWE-ID | CWE-297 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
UNEM Server applications / Other server solutions ECST Server applications / Other server solutions XMC20 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Hitachi Energy |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper validation of certificate with host mismatch
EUVDB-ID: #VU105349
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-2462
CWE-ID:
CWE-297 - Improper Validation of Certificate with Host Mismatch
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper validation of certificate with host mismatch. An attacker with physical access can intercept or falsify data exchanges between the client and the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUNEM: R15B PC4 - R16A
XMC20: before R16B
ECST: before 16.2.1
CPE2.3- cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi_energy:unem:R15B PC4:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi_energy:unem:R15A:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi_energy:xmc20:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
