CVE-2024-2377

HIGH

Hitachi Energy SDM600 - Origin Validation Error via HTTP Response Header

Title source: llm

Description

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

References (1)

Core 1

Core References

Various Sources

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true

Scores

CVSS v3 7.6

EPSS 0.0021

EPSS Percentile 10.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-346

Status published

Products (2)

Hitachi Energy/SDM600 < 1.3.4

Hitachi Energy/SDM600 1.3.4.572

Published Apr 30, 2024

Tracked Since Feb 18, 2026