Published: 2024/05/28  Last Updated: 2025/04/08

JVN#17680667
Multiple vulnerabilities in Unifier and Unifier Cast

Overview

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contain multiple vulnerabilities.

Products Affected

  • Unifier Version.5.0 or later but prior to v5.10.6, and the patch "20240527" not applied
  • Unifier Cast Version.5.0 or later but prior to v5.10.6, and the patch "20240527" not applied
  • Unifier Cast Version.6.0 or later but prior to v6.5.0, and the patch "20240527" not applied

Description

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contain the multiple vulnerabilities listed below.

  • Incorrect Default Permissions configured by Cast Launcher (CWE-276)
    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2024-23847
  • Missing Authorization for coejobhook Command Execution (CWE-862)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
    • CVE-2024-36246

Impact

Arbitrary code may be executed with LocalSystem privileges.
As a result, a malicious program may be installed, or data may be modified or deleted.

Solution

Update the software or apply the patch
Update the software to the latest version or apply the patch according to the information provided by the developer.

For more information, refer to the information provided by the developer.

Credit

CVE-2024-23847
Yokogawa Rental & Lease Corporation reported this vulnerability to IPA to notify users of its solution through JVN.
JPCERT/CC and Yokogawa Rental & Lease Corporation coordinated under the Information Security Early Warning Partnership.

CVE-2024-36246
Taisei Ogura of MOTEX Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-23847, CVE-2024-36246
JVN iPedia: JVNDB-2024-000053

Update History

2025/04/08
Information under the sections [Products Affected], [Solution], and [Vendor Status] was updated.