CVE-2024-28022

Summary

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16Baffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15Baffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16Aaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15Aaffected
Hitachi EnergyUNEMUNEM R16Baffected
Hitachi EnergyUNEMUNEM R15Baffected
Hitachi EnergyUNEMUNEM 16Aaffected
Hitachi EnergyUNEMUNEM 15Aaffected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References