CVE-2024-9928:

5.3 CVSS

Description

A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could
cause account takeover and unauthorized access to the system
when an attacker conducts brute-force attacks against the
equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second
between failed login attempts making it difficult to automate the
attacks.

Classification

CVE ID: CVE-2024-9928

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: Hitachi Energy

Product: NSD570 Teleprotection Equipment

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch

Timeline

2024-11-27 14:42:11 UTC
CVE