Vulnerability in Hitachi Energy Foxman-un
CVE-2024-2012
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause…
EPSS: 0.006 (44.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Hitachi Energy Foxman-un — versions FOXMAN-UN R16B PC2, FOXMAN-UN R16B PC3, FOXMAN-UN R15B PC4
- Hitachi Energy Unem — versions UNEM R16B PC2, UNEM R16B PC3, UNEM R15B PC4
- Hitachienergy Foxman-un — versions r15a, r15b, r16a
- Hitachienergy Unem — versions r15a, r15b, r16a
Weakness classification (CWE)
References
- cybersecurity@hitachienergy.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-2012?
- CVE-2024-2012 is a critical-severity vulnerability in Hitachi Energy Foxman-un, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 9.1/10. Published 2024-06-11.
- How severe is CVE-2024-2012?
- Critical severity. CVSS v3 base score is 9.1 out of 10.