CVE-2022-3929
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages.
This issue affects
- FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;
- UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.
List of CPEs:
cpe:2.3:a:hitachienergy:foxman-un:R15B:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R15A:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R14B:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R14A:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R11B:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R11A:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R10C:::::::*
cpe:2.3:a:hitachienergy:foxman-un:R9C:::::::*
cpe:2.3:a:hitachienergy:unem:R15B:::::::*
cpe:2.3:a:hitachienergy:unem:R15A:::::::*
cpe:2.3:a:hitachienergy:unem:R14B:::::::*
cpe:2.3:a:hitachienergy:unem:R14A:::::::*
cpe:2.3:a:hitachienergy:unem:R11B:::::::*
cpe:2.3:a:hitachienergy:unem:R11A:::::::*
cpe:2.3:a:hitachienergy:unem:R10C:::::::*
cpe:2.3:a:hitachienergy:unem:R9C:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16A | unaffected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R14B | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R14A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R11B | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R11A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R10C | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R9C | affected |
| Hitachi Energy | UNEM | UNEM R16A | unaffected |
| Hitachi Energy | UNEM | UNEM R15B | affected |
| Hitachi Energy | UNEM | UNEM R15A | affected |
| Hitachi Energy | UNEM | UNEM R14B | affected |
| Hitachi Energy | UNEM | UNEM R14A | affected |
| Hitachi Energy | UNEM | UNEM R11B | affected |
| Hitachi Energy | UNEM | UNEM R11A | affected |
| Hitachi Energy | UNEM | UNEM R10C | affected |
| Hitachi Energy | UNEM | UNEM R9C | affected |
Weaknesses
- CWE-319: CWE-319 Cleartext Transmission of Sensitive Information
Workarounds
For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
- Secure the NMS CLIENT/SERVER communication.
ADP Enrichment
CVE Program Container
Additional References
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.