Vulnerability identifier: #VU105349
Vulnerability risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-297
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
UNEM (Server applications / Other server solutions)
ECST (Server applications / Other server solutions)
XMC20 (Hardware solutions / Routers & switches, VoIP, GSM, etc.)
Vendor: Hitachi Energy
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper validation of a certificate with a host mismatch. An attacker with physical access can intercept or falsify data exchanged between the client and the server.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
UNEM: R15B PC4 - R16A
XMC20: before R16B
ECST: before 16.2.1
External links
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.