Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for FOX61x by Hitachi Energy

    CVE-2024-2462 (GCVE-0-2024-2462)

    Vulnerability from nvd – Published: 2024-06-11 12:48 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    Allow attackers to intercept or falsify data exchanges between the client and the server
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 (custom)
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy FOX61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B (custom)
    Create a notification for this product.
    Hitachi Energy FOXCST Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 (custom)
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Affected: UNEM R16A (custom)
    Affected: UNEM R15A (custom)
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: R16B (custom)
    Create a notification for this product.
    Hitachi Energy ECST Affected: ECST_16.2.1 (custom)
    Create a notification for this product.
    hitachi_energy foxman-un Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy fox61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B
        cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy foxcst Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1
        cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy xmc20 Affected: R16B
        cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy ecst Affected: ECST_16.2.1
        cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fox61x",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOX61x R16B",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOX61x R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxcst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOXCST_16.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXCST_16.2.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "UNEM R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "UNEM R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "xmc20",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ecst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "ECST_16.2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:31:01.584910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:06:16.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOX61x R16B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOXCST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOXCST_16.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXCST_16.2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "UNEM R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ECST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "ECST_16.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server\n\n"
                }
              ],
              "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:48:57.963Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2462",
        "datePublished": "2024-06-11T12:48:57.963Z",
        "dateReserved": "2024-03-14T17:09:59.755Z",
        "dateUpdated": "2024-08-01T19:11:53.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2461 (GCVE-0-2024-2461)

    Vulnerability from nvd – Published: 2024-06-11 12:57 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: 0 , ≤ FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02) (custom)
    Unaffected: FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) (custom)
    Affected: FOX61x R15B (custom)
    Unaffected: FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
    Affected: FOX61x R16A
    Affected: FOX61x R15A
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: 0 , ≤ XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) (custom)
    Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
    Affected: XMC20 R15B (custom)
    Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
    Affected: XMC20 R16A (custom)
    Affected: XMC20 R15A (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:58:39.472974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T13:58:58.084Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R15B",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R16A"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R15B",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
                }
              ],
              "value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:57:04.498Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2461",
        "datePublished": "2024-06-11T12:57:04.498Z",
        "dateReserved": "2024-03-14T17:09:59.168Z",
        "dateUpdated": "2024-08-01T19:11:53.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40334 (GCVE-0-2021-40334)

    Vulnerability from nvd – Published: 2021-12-02 18:28 – Updated: 2024-09-16 23:11
    VLAI
    Title
    SSH activation problem in the proprietary management protocol (port TCP 5558)
    Summary
    Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Hitachi Energy XCM20 Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Date Public
    2021-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "XCM20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-431",
                  "description": "CWE-431 Missing Handler",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-02T18:28:18.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fixed in FOX61x R15A or XMC20 R15A"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSH activation problem in the proprietary management protocol (port TCP 5558)",
          "workarounds": [
            {
              "lang": "en",
              "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
              "ID": "CVE-2021-40334",
              "STATE": "PUBLIC",
              "TITLE": "SSH activation problem in the proprietary management protocol (port TCP 5558)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FOX61x",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "XCM20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-431 Missing Handler"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fixed in FOX61x R15A or XMC20 R15A"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40334",
        "datePublished": "2021-12-02T18:28:18.525Z",
        "dateReserved": "2021-08-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:57.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40333 (GCVE-0-2021-40333)

    Vulnerability from nvd – Published: 2021-12-02 18:29 – Updated: 2024-09-17 00:15
    VLAI
    Title
    Weak default credential associated with TCP port 26
    Summary
    Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Hitachi Energy XCM20 Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Date Public
    2021-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "XCM20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-02T18:29:36.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak default credential associated with TCP port 26",
          "workarounds": [
            {
              "lang": "en",
              "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
              "ID": "CVE-2021-40333",
              "STATE": "PUBLIC",
              "TITLE": "Weak default credential associated with TCP port 26"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FOX61x",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "XCM20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40333",
        "datePublished": "2021-12-02T18:29:36.828Z",
        "dateReserved": "2021-08-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:15:37.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2461 (GCVE-0-2024-2461)

    Vulnerability from cvelistv5 – Published: 2024-06-11 12:57 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: 0 , ≤ FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02) (custom)
    Unaffected: FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) (custom)
    Affected: FOX61x R15B (custom)
    Unaffected: FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
    Affected: FOX61x R16A
    Affected: FOX61x R15A
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: 0 , ≤ XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) (custom)
    Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
    Affected: XMC20 R15B (custom)
    Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
    Affected: XMC20 R16A (custom)
    Affected: XMC20 R15A (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:58:39.472974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T13:58:58.084Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R15B",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R16A"
                },
                {
                  "status": "affected",
                  "version": "FOX61x R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R15B",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "XMC20 R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
                }
              ],
              "value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:57:04.498Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2461",
        "datePublished": "2024-06-11T12:57:04.498Z",
        "dateReserved": "2024-03-14T17:09:59.168Z",
        "dateUpdated": "2024-08-01T19:11:53.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2462 (GCVE-0-2024-2462)

    Vulnerability from cvelistv5 – Published: 2024-06-11 12:48 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    Allow attackers to intercept or falsify data exchanges between the client and the server
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 (custom)
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy FOX61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B (custom)
    Create a notification for this product.
    Hitachi Energy FOXCST Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 (custom)
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Affected: UNEM R16A (custom)
    Affected: UNEM R15A (custom)
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: R16B (custom)
    Create a notification for this product.
    Hitachi Energy ECST Affected: ECST_16.2.1 (custom)
    Create a notification for this product.
    hitachi_energy foxman-un Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy fox61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B
        cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy foxcst Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1
        cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy xmc20 Affected: R16B
        cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy ecst Affected: ECST_16.2.1
        cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fox61x",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOX61x R16B",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOX61x R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxcst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOXCST_16.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXCST_16.2.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "UNEM R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "UNEM R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "xmc20",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ecst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "ECST_16.2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:31:01.584910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:06:16.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOX61x R16B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOXCST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOXCST_16.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXCST_16.2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "UNEM R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ECST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "ECST_16.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server\n\n"
                }
              ],
              "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:48:57.963Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2462",
        "datePublished": "2024-06-11T12:48:57.963Z",
        "dateReserved": "2024-03-14T17:09:59.755Z",
        "dateUpdated": "2024-08-01T19:11:53.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40333 (GCVE-0-2021-40333)

    Vulnerability from cvelistv5 – Published: 2021-12-02 18:29 – Updated: 2024-09-17 00:15
    VLAI
    Title
    Weak default credential associated with TCP port 26
    Summary
    Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Hitachi Energy XCM20 Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Date Public
    2021-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "XCM20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-02T18:29:36.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak default credential associated with TCP port 26",
          "workarounds": [
            {
              "lang": "en",
              "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
              "ID": "CVE-2021-40333",
              "STATE": "PUBLIC",
              "TITLE": "Weak default credential associated with TCP port 26"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FOX61x",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "XCM20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40333",
        "datePublished": "2021-12-02T18:29:36.828Z",
        "dateReserved": "2021-08-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:15:37.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40334 (GCVE-0-2021-40334)

    Vulnerability from cvelistv5 – Published: 2021-12-02 18:28 – Updated: 2024-09-16 23:11
    VLAI
    Title
    SSH activation problem in the proprietary management protocol (port TCP 5558)
    Summary
    Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy FOX61x Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Hitachi Energy XCM20 Affected: R15A , < R15A (custom)
    Create a notification for this product.
    Date Public
    2021-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "XCM20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "R15A",
                  "status": "affected",
                  "version": "R15A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-431",
                  "description": "CWE-431 Missing Handler",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-02T18:28:18.000Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fixed in FOX61x R15A or XMC20 R15A"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSH activation problem in the proprietary management protocol (port TCP 5558)",
          "workarounds": [
            {
              "lang": "en",
              "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@hitachienergy.com",
              "DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
              "ID": "CVE-2021-40334",
              "STATE": "PUBLIC",
              "TITLE": "SSH activation problem in the proprietary management protocol (port TCP 5558)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FOX61x",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "XCM20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "R15A",
                                "version_value": "R15A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hitachi Energy"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-431 Missing Handler"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                },
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Fixed in FOX61x R15A or XMC20 R15A"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40334",
        "datePublished": "2021-12-02T18:28:18.525Z",
        "dateReserved": "2021-08-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:57.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }