CVE-2024-23847

Summary

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Rental & Lease CorporationUnifierVersion.5.0 or later but prior to v5.10.6affected
Yokogawa Rental & Lease CorporationUnifierand the patch "20240527" not appliedaffected
Yokogawa Rental & Lease CorporationUnifier CastVersion.5.0 or later but prior to v5.10.6affected
Yokogawa Rental & Lease CorporationUnifier Castand the patch "20240527" not appliedaffected
Yokogawa Rental & Lease CorporationUnifier CastVersion.6.0 or later but prior to v6.5.0affected
Yokogawa Rental & Lease CorporationUnifier Castand the patch "20240527" not appliedaffected

Weaknesses

  • CWE-276: Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References