CVE-2024-2461
published 2024-06-11CVE-2024-2461: If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
PriorityP336medium6.9CVSS 4.0
AVNACLATNPRHUINVCNVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.50%
38.9th percentile
If exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessible
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | fox61x | <= FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02) | — |
| hitachi_energy | fox61x | — | — |
| hitachi_energy | fox61x | — | — |
| hitachi_energy | fox61x | — | — |
| hitachi_energy | xmc20 | <= XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) | — |
| hitachi_energy | xmc20 | — | — |
| hitachi_energy | xmc20 | — | — |
| hitachi_energy | xmc20 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hitachi Energy XMC20
cisa_ics·2025-03-04·CVSS 6.9
[MEDIUM] Hitachi Energy XMC20
ICS Advisory
##
Hitachi Energy XMC20
Release DateMarch 04, 2025
Alert CodeICSA-25-063-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: XMC20
- Vulnerability: Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
- XMC20: R15A and prior including all subversions
- XMC20: R15B
- XMC20: R16A
- XMC20: R16B Revision C (cent2_r16b04_02,
co5n
CISA ICS
Hitachi Energy FOX61x Products
cisa_ics·2025-01-16·CVSS 6.9
[MEDIUM] Hitachi Energy FOX61x Products
ICS Advisory
##
Hitachi Energy FOX61x Products
Release DateJanuary 16, 2025
Alert CodeICSA-25-016-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 4.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOX61x Products
- Vulnerability: Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
- Hitachi Energy FOX61x: R15A and prior
- Hitachi Energy FOX61x: R15B
- H
GHSA
GHSA-89q4-gfxm-xg78: If exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessible
ghsa_unreviewed·2024-06-11
CVE-2024-2461 CWE-23 GHSA-89q4-gfxm-xg78: If exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessible
If exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessible
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-11
Published