CVE-2024-9928 — MEDIUM (5.3)

Vulnerability Description

A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-307

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=e

FAQ

What is CVE-2024-9928?

CVE-2024-9928 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an att...

How severe is CVE-2024-9928?

CVE-2024-9928 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-9928?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.