Lucene search

Hitachi EnergyCVE-2024-28022

HistoryJun 11, 2024 - 7:16 p.m.

CVE-2024-28022

2024-06-1119:16:06

CWE-307

Hitachi Energy

web.nvd.nist.gov

vulnerability

foxman-un

unem

apigateway

unauthorized access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that
if exploited allows a malicious user to perform an arbitrary number
of authentication attempts using different passwords, and
eventually gain access to the targeted account.

Affected configurations

Nvd

Node

hitachienergyfoxman-unMatchr15a

hitachienergyfoxman-unMatchr15b

hitachienergyfoxman-unMatchr16a

hitachienergyfoxman-unMatchr16b

hitachienergyunemMatchr15a

hitachienergyunemMatchr15b

hitachienergyunemMatchr16a

hitachienergyunemMatchr16b

VendorProductVersionCPE
hitachienergyfoxman-unr15acpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
hitachienergyfoxman-unr15bcpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*
hitachienergyfoxman-unr16acpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
hitachienergyfoxman-unr16bcpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*
hitachienergyunemr15acpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
hitachienergyunemr15bcpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
hitachienergyunemr16acpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
hitachienergyunemr16bcpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	foxman-un	r15a	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
hitachienergy	foxman-un	r15b	cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*
hitachienergy	foxman-un	r16a	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
hitachienergy	foxman-un	r16b	cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::*
hitachienergy	unem	r15a	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
hitachienergy	unem	r15b	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
hitachienergy	unem	r16a	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
hitachienergy	unem	r16b	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FOXMAN-UN",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "FOXMAN-UN R16B"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15B"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R16A"
      },
      {
        "status": "affected",
        "version": "FOXMAN-UN R15A"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "UNEM",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "UNEM R16B"
      },
      {
        "status": "affected",
        "version": "UNEM R15B"
      },
      {
        "status": "affected",
        "version": "UNEM 16A"
      },
      {
        "status": "affected",
        "version": "UNEM 15A"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-28022