MidnightBSD

Advisories for hima

CVE-2022-4258

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.

Products Affected

Vendor Product Version
hima x-opc_da *
hima x-opc_a+e *
hima hopcs *
hima x-ots *
CVE-2024-24781

An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
hima f35_03x_yy_(com)_firmware *
hima x-sb_01_firmware *
hima f-cpu_01_firmware *
hima x-com_01_yy_firmware *
hima f30_03x_yy_(com)_firmware *
hima f-com_01_firmware *
hima f30_03x_yy_(cpu)_firmware *
hima x-cpu_01_firmware *
hima x-com_01_e_yy_firmware *
hima x-cpu_31_firmware *
hima f35_03x_yy_(cpu)_firmware *
hima f60_cpu_03x_yy_(com)_firmware *
hima f60_cpu_03x_yy_(cpu)_firmware *
CVE-2024-24782

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
hima f35_03x_yy_(com)_firmware *
hima x-sb_01_firmware *
hima f-cpu_01_firmware *
hima x-com_01_yy_firmware *
hima f30_03x_yy_(com)_firmware *
hima f-com_01_firmware *
hima f30_03x_yy_(cpu)_firmware *
hima x-cpu_01_firmware *
hima x-com_01_e_yy_firmware *
hima x-cpu_31_firmware *
hima f35_03x_yy_(cpu)_firmware *
hima f60_cpu_03x_yy_(com)_firmware *
hima f60_cpu_03x_yy_(cpu)_firmware *