CVE-2024-23847 - Vulnerability Details - OpenCVE

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Yokogawa Rental Lease Corporation	Unifier

No data.

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html

History

Tue, 08 Apr 2025 04:45:00 +0000

Type	Values Removed	Values Added
Description	Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.	Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
References		https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
Metrics		cvssV3_0 `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-05-31T06:11:15.428Z

Updated: 2025-04-08T04:36:31.500Z

Reserved: 2024-01-23T07:00:54.325Z

Link: CVE-2024-23847

Vulnrichment

Updated: 2024-08-01T23:13:08.240Z

NVD

Status : Awaiting Analysis

Published: 2024-05-31T06:15:10.070

Modified: 2025-04-08T05:15:37.357

Link: CVE-2024-23847

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23847", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-23T07:00:54.325Z", "datePublished": "2024-05-31T06:11:15.428Z", "dateUpdated": "2025-04-08T04:36:31.500Z"}, "containers": {"cna": {"affected": [{"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier", "versions": [{"version": "Version.5.0 or later but prior to v5.10.6", "status": "affected"}, {"version": "and the patch \"20240527\" not applied", "status": "affected"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast", "versions": [{"version": "Version.5.0 or later but prior to v5.10.6", "status": "affected"}, {"version": "and the patch \"20240527\" not applied", "status": "affected"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast", "versions": [{"version": "Version.6.0 or later but prior to v6.5.0", "status": "affected"}, {"version": "and the patch \"20240527\" not applied", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted."}], "problemTypes": [{"descriptions": [{"description": "Incorrect default permissions", "lang": "en-US", "cweId": "CWE-276", "type": "CWE"}]}], "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html"}, {"url": "https://jvn.jp/en/jp/JVN17680667/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-04-08T04:36:31.500Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "yokogawa_rental_lease_corporation", "product": "unifier", "cpes": ["cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0", "status": "affected", "lessThan": "5.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T18:05:15.775654Z", "id": "CVE-2024-23847", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T18:24:08.424Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.240Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN17680667/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN17680667/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.240Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23847", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-06T18:05:15.775654Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yokogawa_rental_lease_corporation:unifier:*:*:*:*:*:*:*:*"], "vendor": "yokogawa_rental_lease_corporation", "product": "unifier", "versions": [{"status": "affected", "version": "5.0", "lessThan": "5.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T18:24:03.526Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier", "versions": [{"status": "affected", "version": "Version.5.0 or later but prior to v5.10.6"}, {"status": "affected", "version": "and the patch \"20240527\" not applied"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast", "versions": [{"status": "affected", "version": "Version.5.0 or later but prior to v5.10.6"}, {"status": "affected", "version": "and the patch \"20240527\" not applied"}]}, {"vendor": "Yokogawa Rental & Lease Corporation", "product": "Unifier Cast", "versions": [{"status": "affected", "version": "Version.6.0 or later but prior to v6.5.0"}, {"status": "affected", "version": "and the patch \"20240527\" not applied"}]}], "references": [{"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html"}, {"url": "https://jvn.jp/en/jp/JVN17680667/"}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect default permissions"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-04-08T04:36:31.500Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23847", "state": "PUBLISHED", "dateUpdated": "2025-04-08T04:36:31.500Z", "dateReserved": "2024-01-23T07:00:54.325Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-05-31T06:11:15.428Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted."}, {"lang": "es", "value": "Existe un problema de permisos predeterminados incorrectos en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos."}], "id": "CVE-2024-23847", "lastModified": "2025-04-08T05:15:37.357", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-31T06:15:10.070", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN17680667/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/jp/JVN17680667/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}