CVE-2024-2013
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16B PC2 | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16B PC3 <= FOXMAN-UN R16B PC4 | unaffected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B PC4 | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B PC5 | unaffected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15A | affected |
| Hitachi Energy | UNEM | UNEM R16B PC2 | affected |
| Hitachi Energy | UNEM | UNEM R16B PC3 <= UNEM R16B PC4 | unaffected |
| Hitachi Energy | UNEM | UNEM R15B PC4 | affected |
| Hitachi Energy | UNEM | UNEM R15B PC5 | affected |
| Hitachi Energy | UNEM | UNEM R16B | affected |
| Hitachi Energy | UNEM | UNEM R15A | affected |
Weaknesses
- CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.