CVE-2024-36246

CRITICAL

Yokogawa Unifier - Missing Authorization Code Execution as LocalSystem

Title source: manual
STIX 2.1

Description

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Scores

CVSS v3 9.8
EPSS 0.0055
EPSS Percentile 41.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (5)
Yokogawa Rental & Lease Corporation/Unifier Version.5.0 or later but prior to v5.10.6
Yokogawa Rental & Lease Corporation/Unifier and the patch "20240527" not applied
Yokogawa Rental & Lease Corporation/Unifier Cast Version.5.0 or later but prior to v5.10.6
Yokogawa Rental & Lease Corporation/Unifier Cast Version.6.0 or later but prior to v6.5.0
Yokogawa Rental & Lease Corporation/Unifier Cast and the patch "20240527" not applied
Published May 31, 2024
Tracked Since Feb 18, 2026