CVE-2024-41156
LOWHitachi Energy TRO600 Series Firmware 9.1.0.0-9.2.0.5 - Authenticated Sensitive Information Exposure via Profile Export
Title source: llmDescription
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch
Scores
CVSS v3
2.7
EPSS
0.0036
EPSS Percentile
28.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-212
Status
published
Products (3)
hitachienergy/tro610_firmware
9.1.0.0 - 9.2.0.5
hitachienergy/tro620_firmware
9.1.0.0 - 9.2.0.5
hitachienergy/tro670_firmware
9.1.0.0 - 9.2.0.5
Published
Oct 29, 2024
Tracked Since
Feb 18, 2026