CVE-2024-2012
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16B PC2 | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16B PC3 <= FOXMAN-UN R16B PC4 | unaffected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B PC4 | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B PC5 | unaffected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15A | affected |
| Hitachi Energy | UNEM | UNEM R16B PC2 | affected |
| Hitachi Energy | UNEM | UNEM R16B PC3 <= UNEM R16B PC4 | unaffected |
| Hitachi Energy | UNEM | UNEM R15B PC4 | affected |
| Hitachi Energy | UNEM | UNEM R15B PC5 | affected |
| Hitachi Energy | UNEM | UNEM R15A | affected |
| Hitachi Energy | UNEM | UNEM R16A | affected |
Weaknesses
- CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.