CVE-2024-28023

Summary

A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16B PC2affected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R16B PC3 <= FOXMAN-UN R16B PC4unaffected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15B PC4affected
Hitachi EnergyFOXMAN-UNFOXMAN-UN R15B PC5unaffected
Hitachi EnergyUNEMUNEM R16B PC2affected
Hitachi EnergyUNEMUNEM R16B PC3 <= UNEM R16B PC4unaffected
Hitachi EnergyUNEMUNEM R15B PC4affected
Hitachi EnergyUNEMUNEM R15B PC4unaffected

Weaknesses

  • CWE-259: CWE-259 Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References