CVE-2024-2244

MEDIUM

Hitachi Energy Asset Suite EAM 9.6.3.0-9.6.3.12 & 9.6.4.0 - Improper Authentication

Title source: llm

Description

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

References (1)

Core 1

Core References

Various Sources

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000195&languageCode=en&Preview=true

Scores

CVSS v3 5.3

EPSS 0.0037

EPSS Percentile 28.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (2)

Hitachi Energy/Asset Suite EAM 9.6.3.0 - 9.6.3.13

Hitachi Energy/Asset Suite EAM 9.6.4.0 - 9.6.4.1

Published Mar 27, 2024

Tracked Since Feb 18, 2026