CVE-2024-2377

HIGH

SDM600 - Privilege Escalation

Title source: llm

Description

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.

References (1)

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true

Scores

CVSS v3 7.6

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-346

Status published

Products (2)

Hitachi Energy/SDM600 < 1.3.4

Hitachi Energy/SDM600 1.3.4.572

Published Apr 30, 2024

Tracked Since Feb 18, 2026