December 24, 2024
Severity
High
Analysis Summary
CVE-2024-45068 CVSS:7.1
Hitachi Ops Center Common Services and Ops Center OVA could allow a remote authenticated attacker to obtain sensitive information, caused by a credential leakage vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2024-10205 CVSS:9.4
Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-45068
- CVE-2024-10205
Affected Vendors
- Hitachi
Affected Products
- Hitachi Ops Center Common Services 11.0.3-00
- Hitachi Ops Center OVA 11.0.2-01
- Hitachi Ops Center Analyzer 10.0.0-00 - 11.0.3-00
- Hitachi Infrastructure Analytics Advisor 2.1.0-00 - 4.4.0-00
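An added example (not part of the original advisory or any Hitachi tooling) that checks an asset inventory against the CVE-2024-10205 ranges quoted in the description above, where the Analyzer upper bound is exclusive ("before 11.0.3-00") and the Infrastructure Analytics Advisor upper bound is inclusive ("through 4.4.0-00"). It assumes version strings of the form `N.N.N-NN` compare numerically field by field; the host names and inventory rows are constructed.

```python
import re

# CVE-2024-10205 ranges as worded in the advisory description:
# (first affected version, upper bound, is the upper bound itself affected?)
AFFECTED = {
    "Hitachi Ops Center Analyzer": ("10.0.0-00", "11.0.3-00", False),
    "Hitachi Infrastructure Analytics Advisor": ("2.1.0-00", "4.4.0-00", True),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Turn '11.0.3-00' into (11, 0, 3, 0); assumed numeric field ordering."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product, version):
    """True/False for listed products, None when the product is not listed."""
    if product not in AFFECTED:
        return None
    low, high, high_inclusive = AFFECTED[product]
    current, upper = parse_version(version), parse_version(high)
    if current < parse_version(low):
        return False
    return current <= upper if high_inclusive else current < upper


def triage(inventory):
    """Map (host, product, version) rows to (host, status) findings."""
    findings = []
    for host, product, version in inventory:
        try:
            status = is_affected(product, version)
        except ValueError:
            findings.append((host, "review"))  # unparseable version: check by hand
            continue
        if status is not None:
            findings.append((host, "affected" if status else "not affected"))
    return findings


# Constructed inventory rows for illustration only.
SAMPLE_INVENTORY = [
    ("analyzer-01", "Hitachi Ops Center Analyzer", "11.0.2-01"),
    ("analyzer-02", "Hitachi Ops Center Analyzer", "11.0.3-00"),
    ("hiaa-01", "Hitachi Infrastructure Analytics Advisor", "4.4.0-00"),
    ("hiaa-02", "Hitachi Infrastructure Analytics Advisor", "unknown"),
]
```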
Remediation
Refer to the Hitachi Security Advisory for patch, upgrade, or suggested workaround information.