CVE-2024-36246: Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with...
Description
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
Classification
CVE ID: CVE-2024-36246
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types
Missing authorizationAffected Products
Vendor: Yokogawa Rental & Lease Corporation, Yokogawa Rental & Lease Corporation, Yokogawa Rental & Lease Corporation
Product: Unifier, Unifier Cast, Unifier Cast
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.21% (probability of being exploited)
EPSS Percentile: 43.57% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-36246https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
https://jvn.jp/en/jp/JVN17680667/