CVE-2023-1711

Summary

A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information.

List of CPEs:

  • cpe:2.3:a:hitachienergy:foxman_un:R9C:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R10C:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R11A:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R11B:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R14A:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R14B:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R15A:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R15B:::::::*

  • cpe:2.3:a:hitachienergy:foxman_un:R16A:::::::*

  • cpe:2.3:a:hitachienergy:unem:R9C:::::::*

  • cpe:2.3:a:hitachienergy: unem :R10C:::::::*

  • cpe:2.3:a:hitachienergy: unem :R11A:::::::*

  • cpe:2.3:a:hitachienergy: unem :R11B:::::::*

  • cpe:2.3:a:hitachienergy: unem :R14A:::::::*

  • cpe:2.3:a:hitachienergy: unem :R14B:::::::*

  • cpe:2.3:a:hitachienergy: unem :R15A:::::::*

  • cpe:2.3:a:hitachienergy: unem :R15B:::::::*

  • cpe:2.3:a:hitachienergy: unem :R16A:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15Baffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R14Baffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R14Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R11Baffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R11Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R10Caffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R9Caffected
Hitachi EnergyUNEMUNEM R16Aaffected
Hitachi EnergyUNEMUNEM R15Baffected
Hitachi EnergyUNEMUNEM R15Aaffected
Hitachi EnergyUNEMUNEM R14Baffected
Hitachi EnergyUNEMUNEM R14Aaffected
Hitachi EnergyUNEMUNEM R11Baffected
Hitachi EnergyUNEMUNEM R11Aaffected
Hitachi EnergyUNEMUNEM R10Caffected
Hitachi EnergyUNEMUNEM R9Caffected

Weaknesses

  • CWE-117: CWE-117

Workarounds

Apply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References