CVE-2024-2012

Summary

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16B PC2affected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16B PC3 <= FOXMAN-UN R16B PC4unaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15B PC4affected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15B PC5unaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15Aaffected
Hitachi EnergyUNEMUNEM R16B PC2affected
Hitachi EnergyUNEMUNEM R16B PC3 <= UNEM R16B PC4unaffected
Hitachi EnergyUNEMUNEM R15B PC4affected
Hitachi EnergyUNEMUNEM R15B PC5affected
Hitachi EnergyUNEMUNEM R15Aaffected
Hitachi EnergyUNEMUNEM R16Aaffected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References