CVE-2024-41156

Summary

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyTRO6009.0.1.0 <= 9.2.0.0affected

Weaknesses

  • CWE-212: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References