{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2377","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2024-03-11T14:03:45.510Z","datePublished":"2024-04-30T12:55:20.956Z","dateUpdated":"2024-08-01T19:11:53.467Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SDM600","vendor":"Hitachi Energy","versions":[{"lessThan":"1.3.4","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"1.3.4.572"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."}],"value":"A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."}],"impacts":[{"capecId":"CAPEC-234","descriptions":[{"lang":"en","value":"CAPEC-234 Hijacking a privileged process"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":7.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-346","description":"CWE-346 Origin Validation Error","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2024-04-30T12:55:20.956Z"},"references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-2377","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-01T14:38:02.963543Z"}}}],"affected":[{"cpes":["cpe:2.3:h:hitachienergy:sdm600:-:*:*:*:*:*:*:*"],"vendor":"hitachienergy","product":"sdm600","versions":[{"status":"affected","version":"-","lessThan":"1.3.4.572","versionType":"custom"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:30:39.392Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:11:53.467Z"},"title":"CVE Program Container","references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true","tags":["x_transferred"]}]}]}}