CVE-2024-36246
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Yokogawa Rental & Lease Corporation | Unifier | Version.5.0 or later but prior to v5.10.6 | affected |
| Yokogawa Rental & Lease Corporation | Unifier | and the patch "20240527" not applied | affected |
| Yokogawa Rental & Lease Corporation | Unifier Cast | Version.5.0 or later but prior to v5.10.6 | affected |
| Yokogawa Rental & Lease Corporation | Unifier Cast | and the patch "20240527" not applied | affected |
| Yokogawa Rental & Lease Corporation | Unifier Cast | Version.6.0 or later but prior to v6.5.0 | affected |
| Yokogawa Rental & Lease Corporation | Unifier Cast | and the patch "20240527" not applied | affected |
Weaknesses
- CWE-862: Missing authorization
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
- https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
- https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
- https://jvn.jp/en/jp/JVN17680667/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.