CVE-2024-36246

Summary

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Rental & Lease CorporationUnifierVersion.5.0 or later but prior to v5.10.6affected
Yokogawa Rental & Lease CorporationUnifierand the patch "20240527" not appliedaffected
Yokogawa Rental & Lease CorporationUnifier CastVersion.5.0 or later but prior to v5.10.6affected
Yokogawa Rental & Lease CorporationUnifier Castand the patch "20240527" not appliedaffected
Yokogawa Rental & Lease CorporationUnifier CastVersion.6.0 or later but prior to v6.5.0affected
Yokogawa Rental & Lease CorporationUnifier Castand the patch "20240527" not appliedaffected

Weaknesses

  • CWE-862: Missing authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References