Summary
Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability.
The following versions of Hitachi Energy AFS, AFR and AFF Series are affected:
- AFS 660-B/C/S (CVE-2024-3596)
- AFS 665-B/S (CVE-2024-3596)
- AFS 670 v2.0 (CVE-2024-3596)
- AFS 650 (CVE-2024-3596)
- AFS 655 (CVE-2024-3596)
- AFS 670 (CVE-2024-3596)
- AFS 675 (CVE-2024-3596)
- AFS 677 (CVE-2024-3596)
- AFR 677 (CVE-2024-3596)
- AFF 660 (CVE-2024-3596)
- AFF 665 (CVE-2024-3596)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9 | Hitachi Energy | Hitachi Energy AFS, AFR and AFF Series | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
Background
- Critical Infrastructure Sectors: Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2024-3596
The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid response (access-accept, access-reject, or access-challenge) to any other response using a chosen-prefix collision attack against the MD5 response authenticator signature.
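An added example (not part of the advisory and not Hitachi Energy code): how a RADIUS client verifies the RFC 2865 Response Authenticator that CVE-2024-3596 targets, and reports whether a response carries the HMAC-based Message-Authenticator attribute (type 80, RFC 2869, which the advisory text above does not mention). The shared secret, identifier and packet contents are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RFC 2865 packet codes
MESSAGE_AUTHENTICATOR = 80            # RFC 2869 attribute type (not named in the advisory)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Assemble a response as a server would (used here only to make sample input)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def attribute_types(attrs):
    """Walk the type-length-value list, rejecting malformed lengths."""
    types, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        types.append(attrs[i])
        i += attrs[i + 1]
    return types

def check_response(packet, request_auth, secret):
    """Return (authenticator_ok, has_message_authenticator) for one response."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    ok = hmac.compare_digest(expected, packet[4:20])
    return ok, MESSAGE_AUTHENTICATOR in attribute_types(attrs)

if __name__ == "__main__":
    secret, req_auth = b"constructed-secret", bytes(range(16))  # constructed values
    reject = build_response(ACCESS_REJECT, 7, bytes([18, 4]) + b"ok", req_auth, secret)
    print(check_response(reject, req_auth, secret))
    flipped = bytes([ACCESS_ACCEPT]) + reject[1:]  # code changed, authenticator kept
    print(check_response(flipped, req_auth, secret))
```

A plain change to the code byte fails this check; the advisory's concern is that an MD5 chosen-prefix collision lets an altered response still pass it.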
Affected Products
Hitachi Energy AFS, AFR and AFF Series
Vendor:
Hitachi Energy
Product Version:
Hitachi Energy AFS 660-B/C/S: vers:all/*, Hitachi Energy AFS 665-B/S: vers:all/*, Hitachi Energy AFS 670 v2.0: vers:all/*, Hitachi Energy AFS 6
[…]
This article has been indexed from All CISA Advisories