{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-41153","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2024-07-16T16:02:30.295Z","datePublished":"2024-10-29T12:30:31.402Z","dateUpdated":"2025-11-04T16:00:52.178Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"TRO600","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"9.2.0.0","status":"affected","version":"9.1.0.0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Command injection vulnerability in the Edge Computing UI for the\nTRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the\nweb UI can execute commands on the device with root privileges,\nfar more extensive than what the write privilege intends.\n\n<br>"}],"value":"Command injection vulnerability in the Edge Computing UI for the\nTRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the\nweb UI can execute commands on the device with root privileges,\nfar more extensive than what the write privilege intends."}],"impacts":[{"capecId":"CAPEC-248","descriptions":[{"lang":"en","value":"CAPEC-248 Command Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2025-10-24T08:38:07.234Z"},"references":[{"tags":["vendor-advisory"],"url":"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"hitachi_energy","product":"tro600","cpes":["cpe:2.3:a:hitachi_energy:tro600:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"9.1.0.0","status":"affected","lessThanOrEqual":"9.2.0.0","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-29T13:54:05.290769Z","id":"CVE-2024-41153","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-04T16:00:52.178Z"}}]}}