Lucene search

Hitachi EnergyCVE-2024-28020

HistoryJun 11, 2024 - 7:16 p.m.

CVE-2024-28020

2024-06-1119:16:05

CWE-286

Hitachi Energy

web.nvd.nist.gov

vulnerability

foxman-un

unem

password reuse

application

server management

malicious user

access

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user
could use the passwords and login information to extend access on
the server and other services.

Affected configurations

Nvd

Node

hitachienergyfoxman_unMatchr15a

hitachienergyfoxman_unMatchr15b

hitachienergyfoxman_unMatchr16a

hitachienergyfoxman_unMatchr16b

hitachienergyunemMatchr15a

hitachienergyunemMatchr15b

hitachienergyunemMatchr16a

hitachienergyunemMatchr16b

VendorProductVersionCPE
hitachienergyfoxman_unr15acpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
hitachienergyfoxman_unr15bcpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
hitachienergyfoxman_unr16acpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
hitachienergyfoxman_unr16bcpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
hitachienergyunemr15acpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
hitachienergyunemr15bcpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
hitachienergyunemr16acpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
hitachienergyunemr16bcpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	foxman_un	r15a	cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::*
hitachienergy	foxman_un	r15b	cpe:2.3:a:hitachienergy:foxman_un:r15b:::::::*
hitachienergy	foxman_un	r16a	cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::*
hitachienergy	foxman_un	r16b	cpe:2.3:a:hitachienergy:foxman_un:r16b:::::::*
hitachienergy	unem	r15a	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
hitachienergy	unem	r15b	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
hitachienergy	unem	r16a	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
hitachienergy	unem	r16b	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FOXMAN-UN",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "FOXMAN-UN R16B"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15B"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R16A"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15A"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "UNEM",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "UNEM R16B"
      },
      {
        "status": "affected",
        "version": "UNEM R15B"
      },
      {
        "status": "affected",
        "version": "UNEM R16A"
      },
      {
        "status": "affected",
        "version": "UNEM R15A"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2024-28020