CVE-2024-28022
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16B | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15B | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R16A | affected |
| Hitachi Energy | FOXMAN-UN | FOXMAN-UN R15A | affected |
| Hitachi Energy | UNEM | UNEM R16B | affected |
| Hitachi Energy | UNEM | UNEM R15B | affected |
| Hitachi Energy | UNEM | UNEM 16A | affected |
| Hitachi Energy | UNEM | UNEM 15A | affected |
Weaknesses
- CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
References
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
- https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.