Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for FOXMAN-UN by Hitachi Energy

    CVE-2024-28024 (GCVE-0-2024-28024)

    Vulnerability from nvd – Published: 2024-06-11 18:17 – Updated: 2024-10-29 14:42
    VLAI
    Summary
    A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachi_energy foxman-un Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16B"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15B"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "UNEM R16B"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15B"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T20:22:36.317764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T20:39:33.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."
                }
              ],
              "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:42:42.760Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28024",
        "datePublished": "2024-06-11T18:17:54.877Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-10-29T14:42:42.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28022 (GCVE-0-2024-28022)

    Vulnerability from nvd – Published: 2024-06-11 18:15 – Updated: 2025-05-20 14:00
    VLAI
    Summary
    A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM 16A
    Affected: UNEM 15A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:32:31.382514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:00:48.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.751Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM 16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM 15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:33:38.987Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28022",
        "datePublished": "2024-06-11T18:15:42.349Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2025-05-20T14:00:48.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28020 (GCVE-0-2024-28020)

    Vulnerability from nvd – Published: 2024-06-11 18:20 – Updated: 2024-10-29 14:22
    VLAI
    Summary
    A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-286 - Incorrect User Management
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachienergy foxman-un Affected: r16b
    Affected: r15b
    Affected: r15a
    Affected: r16a
        cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r15b
    Affected: r16b
    Affected: r15a
    Affected: r16a
        cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16b"
                  },
                  {
                    "status": "affected",
                    "version": "r15b"
                  },
                  {
                    "status": "affected",
                    "version": "r15a"
                  },
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15b"
                  },
                  {
                    "status": "affected",
                    "version": "r16b"
                  },
                  {
                    "status": "affected",
                    "version": "r15a"
                  },
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T20:27:26.873565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T20:34:29.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
                }
              ],
              "value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-286",
                  "description": "CWE-286 Incorrect User Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:22:19.869Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28020",
        "datePublished": "2024-06-11T18:20:35.573Z",
        "dateReserved": "2024-02-29T13:42:00.745Z",
        "dateUpdated": "2024-10-29T14:22:19.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2013 (GCVE-0-2024-2013)

    Vulnerability from nvd – Published: 2024-06-11 13:14 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Affected: UNEM R15B PC5 (custom)
    Affected: UNEM R16B
    Affected: UNEM R15A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:16:13.737199Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T18:16:25.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
                }
              ],
              "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:57:13.510Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2013",
        "datePublished": "2024-06-11T13:14:40.501Z",
        "dateReserved": "2024-02-29T13:42:08.147Z",
        "dateUpdated": "2024-08-01T18:56:22.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2012 (GCVE-0-2024-2012)

    Vulnerability from nvd – Published: 2024-06-11 13:16 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Affected: UNEM R15B PC5 (custom)
    Affected: UNEM R15A (custom)
    Affected: UNEM R16A (custom)
    Create a notification for this product.
    hitachienergy foxman_un Affected: pc2
        cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Unaffected: pc3
        cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: pc4
        cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Unaffected: pc5
        cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: r16a
        cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: r15a
        cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc2
        cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Unaffected: pc3
        cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc4
        cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc5
        cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r15a
        cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r16a
        cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:24:47.544271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T16:07:08.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
                }
              ],
              "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:58:20.884Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2012",
        "datePublished": "2024-06-11T13:16:29.566Z",
        "dateReserved": "2024-02-29T13:42:06.985Z",
        "dateUpdated": "2024-08-01T18:56:22.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2011 (GCVE-0-2024-2011)

    Vulnerability from nvd – Published: 2024-06-11 13:24 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R16B PC5 (custom)
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Unaffected: UNEM R16B PC5 (custom)
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachi_energy foxman-un Affected: FOXMAN-UN R16B PC2
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4
    Unaffected: FOXMAN-UN R16B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: UNEM R16B PC2
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4
    Unaffected: UNEM R16B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16B PC2"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15B PC4"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "UNEM R16B PC2"
                  },
                  {
                    "lessThanOrEqual": "UNEM R16B PC4",
                    "status": "unaffected",
                    "version": "UNEM R16B PC3",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15B PC4"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T19:34:01.919299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T19:57:39.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
                }
              ],
              "value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:59:18.165Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2011",
        "datePublished": "2024-06-11T13:24:58.764Z",
        "dateReserved": "2024-02-29T13:42:05.971Z",
        "dateUpdated": "2024-08-01T18:56:22.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28023 (GCVE-0-2024-28023)

    Vulnerability from nvd – Published: 2024-06-11 13:55 – Updated: 2024-08-02 00:48
    VLAI
    Summary
    A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4
    Unaffected: FOXMAN-UN R15B PC5
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4
    Unaffected: UNEM R15B PC4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:40:34.740767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T15:15:53.504Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.\n\n\n"
                }
              ],
              "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T16:05:56.127Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28023",
        "datePublished": "2024-06-11T13:55:56.127Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-08-02T00:48:47.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28021 (GCVE-0-2024-28021)

    Vulnerability from nvd – Published: 2024-06-11 13:30 – Updated: 2024-10-29 14:27
    VLAI
    Summary
    A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Create a notification for this product.
    hitachienergy unem Affected: r16bpc2
    Affected: r15bpc4
        cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman-un Affected: r16bpc2
    Affected: r15bpc4
        cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16bpc2"
                  },
                  {
                    "status": "affected",
                    "version": "r15bpc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16bpc2"
                  },
                  {
                    "status": "affected",
                    "version": "r15bpc4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:36:08.316220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T15:13:35.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
                }
              ],
              "value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:27:45.146Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28021",
        "datePublished": "2024-06-11T13:30:12.765Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-10-29T14:27:45.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2462 (GCVE-0-2024-2462)

    Vulnerability from nvd – Published: 2024-06-11 12:48 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    Allow attackers to intercept or falsify data exchanges between the client and the server
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 (custom)
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy FOX61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B (custom)
    Create a notification for this product.
    Hitachi Energy FOXCST Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 (custom)
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Affected: UNEM R16A (custom)
    Affected: UNEM R15A (custom)
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: R16B (custom)
    Create a notification for this product.
    Hitachi Energy ECST Affected: ECST_16.2.1 (custom)
    Create a notification for this product.
    hitachi_energy foxman-un Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy fox61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B
        cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy foxcst Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1
        cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy xmc20 Affected: R16B
        cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy ecst Affected: ECST_16.2.1
        cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fox61x",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOX61x R16B",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOX61x R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxcst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOXCST_16.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXCST_16.2.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "UNEM R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "UNEM R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "xmc20",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ecst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "ECST_16.2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:31:01.584910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:06:16.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOX61x R16B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOXCST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOXCST_16.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXCST_16.2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "UNEM R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ECST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "ECST_16.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server\n\n"
                }
              ],
              "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:48:57.963Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2462",
        "datePublished": "2024-06-11T12:48:57.963Z",
        "dateReserved": "2024-03-14T17:09:59.755Z",
        "dateUpdated": "2024-08-01T19:11:53.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1711 (GCVE-0-2023-1711)

    Vulnerability from nvd – Published: 2023-05-30 18:46 – Updated: 2025-01-09 21:19
    VLAI
    Summary
    A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T21:19:08.886899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T21:19:26.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. \u003cbr\u003eIf exploited an attacker could obtain confidential information.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eList of CPEs:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. \nIf exploited an attacker could obtain confidential information.\n\n\n\nList of CPEs:\n  *  cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*\n\n  *  \n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-30T18:46:29.787Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.\u003cbr\u003ePlease upgrade to R16B when released or apply general mitigation factors.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.\nPlease upgrade to R16B when released or apply general mitigation factors.\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2023-1711",
        "datePublished": "2023-05-30T18:46:24.317Z",
        "dateReserved": "2023-03-30T07:56:02.223Z",
        "dateUpdated": "2025-01-09T21:19:26.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3929 (GCVE-0-2022-3929)

    Vulnerability from nvd – Published: 2023-01-05 21:54 – Updated: 2025-04-10 13:51
    VLAI
    Title
    Communication between the client and server partially using CORBA over TCP/IP
    Summary
    Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3929",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:51:05.411841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:51:12.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nCommunication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nCommunication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages.\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:54:51.823Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Communication between the client and server partially using CORBA over TCP/IP",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\n\n"
                }
              ],
              "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3929",
        "datePublished": "2023-01-05T21:54:51.823Z",
        "dateReserved": "2022-11-10T15:40:42.305Z",
        "dateUpdated": "2025-04-10T13:51:12.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3928 (GCVE-0-2022-3928)

    Vulnerability from nvd – Published: 2023-01-05 21:50 – Updated: 2025-04-10 13:51
    VLAI
    Title
    Hardcoded credential is found in the message queue
    Summary
    Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3928",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:51:36.387546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:51:45.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:50:47.595Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Hardcoded credential is found in the message queue",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\n\n"
                }
              ],
              "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3928",
        "datePublished": "2023-01-05T21:50:47.595Z",
        "dateReserved": "2022-11-10T14:48:35.829Z",
        "dateUpdated": "2025-04-10T13:51:45.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3927 (GCVE-0-2022-3927)

    Vulnerability from nvd – Published: 2023-01-05 21:41 – Updated: 2025-04-10 14:06
    VLAI
    Title
    The affected products store public and private key that are used to sign and protect custom parameter set files from modification.
    Summary
    The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:52.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T14:06:51.022898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:06:59.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe affected products store both public and private key that are used to sign and\nprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change\nthe CPS file, sign it so that it is trusted as the legitimate CPS file.\n\n\n\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nThe affected products store both public and private key that are used to sign and\nprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change\nthe CPS file, sign it so that it is trusted as the legitimate CPS file.\n\n\n\n\n\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-75",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-75 Manipulating Writeable Configuration Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:41:38.258Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The affected products store public and private key that are used to sign and protect custom parameter set files from modification.",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B\u0026nbsp;and earlier, follow the recommended security practices as described in section\u0026nbsp;Mitigation Factors/Workarounds in the respective products\u0027 advisory."
                }
              ],
              "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B\u00a0and earlier, follow the recommended security practices as described in section\u00a0Mitigation Factors/Workarounds in the respective products\u0027 advisory."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3927",
        "datePublished": "2023-01-05T21:41:38.258Z",
        "dateReserved": "2022-11-10T14:47:26.984Z",
        "dateUpdated": "2025-04-10T14:06:59.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40342 (GCVE-0-2021-40342)

    Vulnerability from nvd – Published: 2023-01-05 21:27 – Updated: 2025-04-10 14:07
    VLAI
    Title
    Use of default key for encryption
    Summary
    In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T14:07:13.855207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:07:23.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\u003c/span\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 Encryption Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:27:02.929Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of default key for encryption",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDatabase contains credentials with weak encryption\u003c/span\u003e\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication. \u003c/li\u003e\u003cli\u003eEmbedded FOXCST with RADIUS authentication should be avoided. \u003c/li\u003e\u003cli\u003eDatabase contains credentials with weak encryption.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication. \n  *  Embedded FOXCST with RADIUS authentication should be avoided. \n  *  Database contains credentials with weak encryption.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40342",
        "datePublished": "2023-01-05T21:27:02.929Z",
        "dateReserved": "2021-08-31T20:24:21.499Z",
        "dateUpdated": "2025-04-10T14:07:23.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40341 (GCVE-0-2021-40341)

    Vulnerability from nvd – Published: 2023-01-05 21:26 – Updated: 2025-04-10 13:31
    VLAI
    Title
    Weak DES encryption
    Summary
    DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects  * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;  * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs:  * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:30:48.243722Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:31:25.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily.\u0026nbsp;\u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;\u0026nbsp;\u003c/li\u003e\u003cli\u003eUNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs:\u0026nbsp;\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily.\u00a0This issue affects\u00a0\n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;\u00a0\n  *  UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs:\u00a0\n  *  cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 Encryption Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:26:42.760Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weak DES encryption",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDatabase contains credentials with weak encryption\u003c/span\u003e\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u0026nbsp;\u003c/li\u003e\u003cli\u003eEmbedded FOXCST with RADIUS authentication should be avoided.\u0026nbsp;\u003c/li\u003e\u003cli\u003eDatabase contains credentials with weak encryption.\n\n\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\u00a0\n  *  Embedded FOXCST with RADIUS authentication should be avoided.\u00a0\n  *  Database contains credentials with weak encryption.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40341",
        "datePublished": "2023-01-05T21:26:42.760Z",
        "dateReserved": "2021-08-31T20:24:21.498Z",
        "dateUpdated": "2025-04-10T13:31:25.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28020 (GCVE-0-2024-28020)

    Vulnerability from cvelistv5 – Published: 2024-06-11 18:20 – Updated: 2024-10-29 14:22
    VLAI
    Summary
    A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-286 - Incorrect User Management
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachienergy foxman-un Affected: r16b
    Affected: r15b
    Affected: r15a
    Affected: r16a
        cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r15b
    Affected: r16b
    Affected: r15a
    Affected: r16a
        cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16b"
                  },
                  {
                    "status": "affected",
                    "version": "r15b"
                  },
                  {
                    "status": "affected",
                    "version": "r15a"
                  },
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15b"
                  },
                  {
                    "status": "affected",
                    "version": "r16b"
                  },
                  {
                    "status": "affected",
                    "version": "r15a"
                  },
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T20:27:26.873565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T20:34:29.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
                }
              ],
              "value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-286",
                  "description": "CWE-286 Incorrect User Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:22:19.869Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28020",
        "datePublished": "2024-06-11T18:20:35.573Z",
        "dateReserved": "2024-02-29T13:42:00.745Z",
        "dateUpdated": "2024-10-29T14:22:19.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28024 (GCVE-0-2024-28024)

    Vulnerability from cvelistv5 – Published: 2024-06-11 18:17 – Updated: 2024-10-29 14:42
    VLAI
    Summary
    A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachi_energy foxman-un Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16B"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15B"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "UNEM R16B"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15B"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T20:22:36.317764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T20:39:33.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.698Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."
                }
              ],
              "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:42:42.760Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28024",
        "datePublished": "2024-06-11T18:17:54.877Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-10-29T14:42:42.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28022 (GCVE-0-2024-28022)

    Vulnerability from cvelistv5 – Published: 2024-06-11 18:15 – Updated: 2025-05-20 14:00
    VLAI
    Summary
    A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B
    Affected: UNEM R15B
    Affected: UNEM 16A
    Affected: UNEM 15A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:32:31.382514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:00:48.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.751Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM 16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM 15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:33:38.987Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28022",
        "datePublished": "2024-06-11T18:15:42.349Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2025-05-20T14:00:48.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28023 (GCVE-0-2024-28023)

    Vulnerability from cvelistv5 – Published: 2024-06-11 13:55 – Updated: 2024-08-02 00:48
    VLAI
    Summary
    A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4
    Unaffected: FOXMAN-UN R15B PC5
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4
    Unaffected: UNEM R15B PC4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:40:34.740767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T15:15:53.504Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.\n\n\n"
                }
              ],
              "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T16:05:56.127Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28023",
        "datePublished": "2024-06-11T13:55:56.127Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-08-02T00:48:47.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28021 (GCVE-0-2024-28021)

    Vulnerability from cvelistv5 – Published: 2024-06-11 13:30 – Updated: 2024-10-29 14:27
    VLAI
    Summary
    A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Create a notification for this product.
    hitachienergy unem Affected: r16bpc2
    Affected: r15bpc4
        cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman-un Affected: r16bpc2
    Affected: r15bpc4
        cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16bpc2"
                  },
                  {
                    "status": "affected",
                    "version": "r15bpc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16bpc2"
                  },
                  {
                    "status": "affected",
                    "version": "r15bpc4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:36:08.316220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T15:13:35.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
                }
              ],
              "value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T14:27:45.146Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-28021",
        "datePublished": "2024-06-11T13:30:12.765Z",
        "dateReserved": "2024-02-29T13:42:00.746Z",
        "dateUpdated": "2024-10-29T14:27:45.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2011 (GCVE-0-2024-2011)

    Vulnerability from cvelistv5 – Published: 2024-06-11 13:24 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R16B PC5 (custom)
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Unaffected: UNEM R16B PC5 (custom)
    Affected: UNEM R16A
    Affected: UNEM R15A
    Create a notification for this product.
    hitachi_energy foxman-un Affected: FOXMAN-UN R16B PC2
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4
    Unaffected: FOXMAN-UN R16B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: UNEM R16B PC2
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4
    Unaffected: UNEM R16B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16B PC2"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15B PC4"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "UNEM R16B PC2"
                  },
                  {
                    "lessThanOrEqual": "UNEM R16B PC4",
                    "status": "unaffected",
                    "version": "UNEM R16B PC3",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15B PC4"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T19:34:01.919299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T19:57:39.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
                }
              ],
              "value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram\u0027s implicit security policy"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:59:18.165Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            },
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2011",
        "datePublished": "2024-06-11T13:24:58.764Z",
        "dateReserved": "2024-02-29T13:42:05.971Z",
        "dateUpdated": "2024-08-01T18:56:22.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2012 (GCVE-0-2024-2012)

    Vulnerability from cvelistv5 – Published: 2024-06-11 13:16 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Affected: UNEM R15B PC5 (custom)
    Affected: UNEM R15A (custom)
    Affected: UNEM R16A (custom)
    Create a notification for this product.
    hitachienergy foxman_un Affected: pc2
        cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Unaffected: pc3
        cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: pc4
        cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Unaffected: pc5
        cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: r16a
        cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy foxman_un Affected: r15a
        cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc2
        cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Unaffected: pc3
        cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc4
        cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: pc5
        cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r15a
        cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachienergy unem Affected: r16a
        cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "foxman_un",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "pc3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "pc5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r15a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unem",
                "vendor": "hitachienergy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r16a"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:24:47.544271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T16:07:08.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
                }
              ],
              "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:58:20.884Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2012",
        "datePublished": "2024-06-11T13:16:29.566Z",
        "dateReserved": "2024-02-29T13:42:06.985Z",
        "dateUpdated": "2024-08-01T18:56:22.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2013 (GCVE-0-2024-2013)

    Vulnerability from cvelistv5 – Published: 2024-06-11 13:14 – Updated: 2024-08-01 18:56
    VLAI
    Summary
    An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
    Affected: FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
    Affected: UNEM R15B PC4 (custom)
    Affected: UNEM R15B PC5 (custom)
    Affected: UNEM R16B
    Affected: UNEM R15A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:16:13.737199Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T18:16:25.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC4",
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16B PC2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R16B PC4",
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
                }
              ],
              "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T13:57:13.510Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2013",
        "datePublished": "2024-06-11T13:14:40.501Z",
        "dateReserved": "2024-02-29T13:42:08.147Z",
        "dateUpdated": "2024-08-01T18:56:22.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2462 (GCVE-0-2024-2462)

    Vulnerability from cvelistv5 – Published: 2024-06-11 12:48 – Updated: 2024-08-01 19:11
    VLAI
    Summary
    Allow attackers to intercept or falsify data exchanges between the client and the server
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3 (custom)
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5 (custom)
    Affected: FOXMAN-UN R16A (custom)
    Affected: FOXMAN-UN R15A (custom)
    Create a notification for this product.
    Hitachi Energy FOX61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B (custom)
    Create a notification for this product.
    Hitachi Energy FOXCST Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1 (custom)
    Create a notification for this product.
    Hitachi Energy UNEM Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3 (custom)
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5 (custom)
    Affected: UNEM R16A (custom)
    Affected: UNEM R15A (custom)
    Create a notification for this product.
    Hitachi Energy XMC20 Affected: R16B (custom)
    Create a notification for this product.
    Hitachi Energy ECST Affected: ECST_16.2.1 (custom)
    Create a notification for this product.
    hitachi_energy foxman-un Affected: 0 , ≤ FOXMAN-UN R16B PC2 (custom)
    Unaffected: FOXMAN-UN R16B PC3
    Affected: 0 , ≤ FOXMAN-UN R15B PC4 (custom)
    Unaffected: FOXMAN-UN R15B PC5
    Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15A
        cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy fox61x Affected: 0 , < FOX61x R16B (custom)
    Unaffected: FOX61x R16B
        cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy foxcst Affected: 0 , < FOXCST_16.2.1 (custom)
    Unaffected: FOXCST_16.2.1
        cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy unem Affected: 0 , ≤ UNEM R16B PC2 (custom)
    Unaffected: UNEM R16B PC3
    Affected: 0 , ≤ UNEM R15B PC4 (custom)
    Unaffected: UNEM R15B PC5
    Affected: UNEM R16A
    Affected: UNEM R15A
        cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy xmc20 Affected: R16B
        cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*
    Create a notification for this product.
    hitachi_energy ecst Affected: ECST_16.2.1
        cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxman-un",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXMAN-UN R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R16A"
                  },
                  {
                    "status": "affected",
                    "version": "FOXMAN-UN R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fox61x",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOX61x R16B",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOX61x R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "foxcst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThan": "FOXCST_16.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "FOXCST_16.2.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "unem",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "lessThanOrEqual": "UNEM R16B PC2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R16B PC3"
                  },
                  {
                    "lessThanOrEqual": "UNEM R15B PC4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "unaffected",
                    "version": "UNEM R15B PC5"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R16A"
                  },
                  {
                    "status": "affected",
                    "version": "UNEM R15A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "xmc20",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R16B"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ecst",
                "vendor": "hitachi_energy",
                "versions": [
                  {
                    "status": "affected",
                    "version": "ECST_16.2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T18:31:01.584910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:06:16.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "FOXMAN-UN R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "FOXMAN-UN R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOX61x",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOX61x R16B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOX61x R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FOXCST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThan": "FOXCST_16.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "FOXCST_16.2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "UNEM R16B PC2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R16B PC3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "UNEM R15B PC4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "UNEM R15B PC5",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R16A",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XMC20",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "R16B",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ECST",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "ECST_16.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server\n\n"
                }
              ],
              "value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T12:48:57.963Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2024-2462",
        "datePublished": "2024-06-11T12:48:57.963Z",
        "dateReserved": "2024-03-14T17:09:59.755Z",
        "dateUpdated": "2024-08-01T19:11:53.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1711 (GCVE-0-2023-1711)

    Vulnerability from cvelistv5 – Published: 2023-05-30 18:46 – Updated: 2025-01-09 21:19
    VLAI
    Summary
    A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T21:19:08.886899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T21:19:26.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. \u003cbr\u003eIf exploited an attacker could obtain confidential information.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eList of CPEs:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. \nIf exploited an attacker could obtain confidential information.\n\n\n\nList of CPEs:\n  *  cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*\n\n  *  \n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-30T18:46:29.787Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.\u003cbr\u003ePlease upgrade to R16B when released or apply general mitigation factors.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.\nPlease upgrade to R16B when released or apply general mitigation factors.\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2023-1711",
        "datePublished": "2023-05-30T18:46:24.317Z",
        "dateReserved": "2023-03-30T07:56:02.223Z",
        "dateUpdated": "2025-01-09T21:19:26.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3929 (GCVE-0-2022-3929)

    Vulnerability from cvelistv5 – Published: 2023-01-05 21:54 – Updated: 2025-04-10 13:51
    VLAI
    Title
    Communication between the client and server partially using CORBA over TCP/IP
    Summary
    Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3929",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:51:05.411841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:51:12.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nCommunication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nCommunication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages.\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:54:51.823Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Communication between the client and server partially using CORBA over TCP/IP",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\n\n"
                }
              ],
              "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3929",
        "datePublished": "2023-01-05T21:54:51.823Z",
        "dateReserved": "2022-11-10T15:40:42.305Z",
        "dateUpdated": "2025-04-10T13:51:12.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3928 (GCVE-0-2022-3928)

    Vulnerability from cvelistv5 – Published: 2023-01-05 21:50 – Updated: 2025-04-10 13:51
    VLAI
    Title
    Hardcoded credential is found in the message queue
    Summary
    Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3928",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:51:36.387546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:51:45.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:50:47.595Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Hardcoded credential is found in the message queue",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\n\n"
                }
              ],
              "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3928",
        "datePublished": "2023-01-05T21:50:47.595Z",
        "dateReserved": "2022-11-10T14:48:35.829Z",
        "dateUpdated": "2025-04-10T13:51:45.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3927 (GCVE-0-2022-3927)

    Vulnerability from cvelistv5 – Published: 2023-01-05 21:41 – Updated: 2025-04-10 14:06
    VLAI
    Title
    The affected products store public and private key that are used to sign and protect custom parameter set files from modification.
    Summary
    The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Unaffected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Unaffected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:52.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T14:06:51.022898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:06:59.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe affected products store both public and private key that are used to sign and\nprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change\nthe CPS file, sign it so that it is trusted as the legitimate CPS file.\n\n\n\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nThe affected products store both public and private key that are used to sign and\nprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change\nthe CPS file, sign it so that it is trusted as the legitimate CPS file.\n\n\n\n\n\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-75",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-75 Manipulating Writeable Configuration Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:41:38.258Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The affected products store public and private key that are used to sign and protect custom parameter set files from modification.",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B\u0026nbsp;and earlier, follow the recommended security practices as described in section\u0026nbsp;Mitigation Factors/Workarounds in the respective products\u0027 advisory."
                }
              ],
              "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B\u00a0and earlier, follow the recommended security practices as described in section\u00a0Mitigation Factors/Workarounds in the respective products\u0027 advisory."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2022-3927",
        "datePublished": "2023-01-05T21:41:38.258Z",
        "dateReserved": "2022-11-10T14:47:26.984Z",
        "dateUpdated": "2025-04-10T14:06:59.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40342 (GCVE-0-2021-40342)

    Vulnerability from cvelistv5 – Published: 2023-01-05 21:27 – Updated: 2025-04-10 14:07
    VLAI
    Title
    Use of default key for encryption
    Summary
    In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T14:07:13.855207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:07:23.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\u003c/span\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n  *  UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n  *  cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 Encryption Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:27:02.929Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of default key for encryption",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDatabase contains credentials with weak encryption\u003c/span\u003e\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication. \u003c/li\u003e\u003cli\u003eEmbedded FOXCST with RADIUS authentication should be avoided. \u003c/li\u003e\u003cli\u003eDatabase contains credentials with weak encryption.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication. \n  *  Embedded FOXCST with RADIUS authentication should be avoided. \n  *  Database contains credentials with weak encryption.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40342",
        "datePublished": "2023-01-05T21:27:02.929Z",
        "dateReserved": "2021-08-31T20:24:21.499Z",
        "dateUpdated": "2025-04-10T14:07:23.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40341 (GCVE-0-2021-40341)

    Vulnerability from cvelistv5 – Published: 2023-01-05 21:26 – Updated: 2025-04-10 13:31
    VLAI
    Title
    Weak DES encryption
    Summary
    DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects  * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;  * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs:  * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16A
    Affected: FOXMAN-UN R15B
    Affected: FOXMAN-UN R15A
    Affected: FOXMAN-UN R14B
    Affected: FOXMAN-UN R14A
    Affected: FOXMAN-UN R11B
    Affected: FOXMAN-UN R11A
    Affected: FOXMAN-UN R10C
    Affected: FOXMAN-UN R9C
    Create a notification for this product.
    Hitachi Energy UNEM Affected: UNEM R16A
    Affected: UNEM R15B
    Affected: UNEM R15A
    Affected: UNEM R14B
    Affected: UNEM R14A
    Affected: UNEM R11B
    Affected: UNEM R11A
    Affected: UNEM R10C
    Affected: UNEM R9C
    Create a notification for this product.
    Date Public
    2022-12-13 13:30
    Credits
    K-Businessom AG, Austria
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T13:30:48.243722Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T13:31:25.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FOXMAN-UN",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R16A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R15A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R14A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11B"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R11A"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R10C"
                },
                {
                  "status": "affected",
                  "version": "FOXMAN-UN R9C"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNEM",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "status": "affected",
                  "version": "UNEM R16A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R15A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R14A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11B"
                },
                {
                  "status": "affected",
                  "version": "UNEM R11A"
                },
                {
                  "status": "affected",
                  "version": "UNEM R10C"
                },
                {
                  "status": "affected",
                  "version": "UNEM R9C"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "K-Businessom AG, Austria"
            }
          ],
          "datePublic": "2022-12-13T13:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily.\u0026nbsp;\u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;\u0026nbsp;\u003c/li\u003e\u003cli\u003eUNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs:\u0026nbsp;\u003cbr\u003e\u003cul\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily.\u00a0This issue affects\u00a0\n\n\n\n  *  FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;\u00a0\n  *  UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs:\u00a0\n  *  cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 Encryption Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-05T21:26:42.760Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weak DES encryption",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDatabase contains credentials with weak encryption\u003c/span\u003e\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\u003cbr\u003e\u003cbr\u003eFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u0026nbsp;\u003c/li\u003e\u003cli\u003eEmbedded FOXCST with RADIUS authentication should be avoided.\u0026nbsp;\u003c/li\u003e\u003cli\u003eDatabase contains credentials with weak encryption.\n\n\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products\u0027 advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\u00a0\n  *  Embedded FOXCST with RADIUS authentication should be avoided.\u00a0\n  *  Database contains credentials with weak encryption.\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2021-40341",
        "datePublished": "2023-01-05T21:26:42.760Z",
        "dateReserved": "2021-08-31T20:24:21.498Z",
        "dateUpdated": "2025-04-10T13:31:25.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }