[Japanese]

JVNDB-2024-001161

Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services

Overview

Energy Management Controller with Cloud Services provided by SHARP CORPORATION contains multiple vulnerabilities listed below.

* Improper authentication (CWE-287) - CVE-2024-23783
* Improper access control (CWE-284) - CVE-2024-23784
* Cross-site request forgery (CWE-352) - CVE-2024-23785
* Stored cross-site scripting (CWE-79) - CVE-2024-23786
* Path traversal (CWE-22) - CVE-2024-23787
* Server-side request forgery (CWE-918) - CVE-2024-23788
* OS command injection (CWE-78) - CVE-2024-23789

Shoji Baba of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.6 (Critical) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-23789

CVSS V3 Severity:
Base Metrics7.4 (High) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-23787

CVSS V3 Severity:
Base Metrics7.1 (High) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-23783

CVSS V3 Severity:
Base Metrics6.1 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-23785

CVSS V3 Severity:
Base Metrics5.2 (Medium) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-23786

CVSS V3 Severity:
Base Metrics4.7 (Medium) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-23784

CVSS V3 Severity:
Base Metrics4.7 (Medium) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-23788
Affected Products

Energy Management Controller with Cloud Services

Sharp Corporation
  • JH-RV11 Ver.B0.1.9.1 and earlier
  • JH-RVB1 Ver.B0.1.9.1 and earlier

Impact

CVE-2024-23783
A network-adjacent unauthenticated attacker may access the affected product without authentication

CVE-2024-23784
A network-adjacent unauthenticated attacker may obtain a user name and its hashed password which are displayed on the management page of the affected product

CVE-2024-23785
A remote unauthenticated attacker may change the product settings

CVE-2024-23786
An arbitrary script may be executed on the web browser of the user who is accessing the management page of the affected product

CVE-2024-23787
A network-adjacent unauthenticated attacker may obtain an arbitrary file in the affected product

CVE-2024-23788
A network-adjacent unauthenticated attacker may send an arbitrary HTTP request (GET) from the affected product

CVE-2024-23789
A network-adjacent unauthenticated attacker may execute an arbitrary command on the affected product
Solution

[Update the software]
Update Energy Management Controller with Cloud Services to Ver.B0.2.0.0.
The automatic update will be applied if Energy Management Controller with Cloud Services is connected to internet.

[Apply workaround]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

* Do not connect the product to internet directly, and user it within the network protected by using a router, etc.
* Use stronger encryption standard when using a wireless LAN router
* Change the factory default administrative password
* Keep the firmware the latest state by applying the firmware update periodically
Vendor Information

Sharp Corporation
CWE (What is CWE?)

  1. Path Traversal(CWE-22) [Other]
  2. Improper Access Control(CWE-284) [Other]
  3. Improper Authentication(CWE-287) [Other]
  4. Cross-Site Request Forgery(CWE-352) [Other]
  5. OS Command Injection(CWE-78) [Other]
  6. Cross-site Scripting(CWE-79) [Other]
  7. Server-Side Request Forgery (SSRF)(CWE-918) [Other]
CVE (What is CVE?)

  1. CVE-2024-23783
  2. CVE-2024-23784
  3. CVE-2024-23785
  4. CVE-2024-23786
  5. CVE-2024-23787
  6. CVE-2024-23788
  7. CVE-2024-23789
References

  1. JVN : JVNVU#94591337
Revision History

  • [2024/01/31]
      Web page was published

Date Public2024/01/30
Date First Published2024/01/31
Date Last Updated2024/01/31