Search criteria
3 vulnerabilities by hima
CVE-2024-24782 (GCVE-0-2024-24782)
Vulnerability from cvelistv5 – Published: 2024-02-13 13:46 – Updated: 2025-05-08 18:21
VLAI?
Title
HIMA: Origin Validation Error in multiple products
Summary
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.
Severity ?
4.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HIMA | F30 03X YY (COM) |
Affected:
0 , ≤ 24.14
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:21:12.808296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:21:23.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F30 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F30 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F35 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F35 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F60 CPU 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F60 CPU 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-COM 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-COM 01 coated",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-CPU 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-CPU 01 coated",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-COM 01 E YY",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "15.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-COM 01 YY",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-CPU 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-CPU 31",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-02-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN."
}
],
"value": "An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:47:58.187Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-013"
}
],
"source": {
"advisory": "VDE-2024-013",
"defect": [
"CERT@VDE#64651"
],
"discovery": "UNKNOWN"
},
"title": "HIMA: Origin Validation Error in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-24782",
"datePublished": "2024-02-13T13:46:58.469Z",
"dateReserved": "2024-01-30T14:47:38.518Z",
"dateUpdated": "2025-05-08T18:21:23.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24781 (GCVE-0-2024-24781)
Vulnerability from cvelistv5 – Published: 2024-02-13 13:46 – Updated: 2024-11-07 19:05
VLAI?
Title
Hima: Uncontrolled Resource Consumption in multiple products
Summary
An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HIMA | F30 03X YY (COM) |
Affected:
0 , ≤ 24.14
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-013"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T16:53:26.941029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:05:15.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F30 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F30 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F35 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F35 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F60 CPU 03X YY (COM)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "24.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F60 CPU 03X YY (CPU)",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "18.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-COM 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-COM 01 coated",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-CPU 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "F-CPU 01 coated",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-COM 01 E YY",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "15.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-COM 01 YY",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-CPU 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-CPU 31",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "14.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-SB 01",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "7.54",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-02-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.\u0026nbsp;"
}
],
"value": "An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.\u00a0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:48:23.959Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-013"
}
],
"source": {
"advisory": "VDE-2024-013",
"defect": [
"CERT@VDE#64651"
],
"discovery": "UNKNOWN"
},
"title": "Hima: Uncontrolled Resource Consumption in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-24781",
"datePublished": "2024-02-13T13:46:31.571Z",
"dateReserved": "2024-01-30T14:47:38.517Z",
"dateUpdated": "2024-11-07T19:05:15.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4258 (GCVE-0-2022-4258)
Vulnerability from cvelistv5 – Published: 2023-01-16 09:52 – Updated: 2025-04-03 13:40
VLAI?
Title
Hima: Unquoted path vulnerabilities in HIMA PC based Software
Summary
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Severity ?
7.8 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Credits
This vulnerability has been found by a HIMA customer.
Case handled by PSIRT@hima.com in cooperation with CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T13:39:59.396159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T13:40:22.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HOPCS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "3.56.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC DA",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC A+E ",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OTS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "1.32.550",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability has been found by a HIMA customer."
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Case handled by PSIRT@hima.com in cooperation with CERT@VDE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u0026nbsp;might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-16T09:52:09.647Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"source": {
"advisory": "VDE-2022-059",
"defect": [
"CERT@VDE#64320"
],
"discovery": "EXTERNAL"
},
"title": "Hima: Unquoted path vulnerabilities in HIMA PC based Software",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4258",
"datePublished": "2023-01-16T09:52:09.647Z",
"dateReserved": "2022-12-01T14:43:52.479Z",
"dateUpdated": "2025-04-03T13:40:22.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}