Hitachienergy Unem
13 CVEs affecting Hitachienergy Unem. Latest disclosed: 2024-06-11. Critical: 2, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-2013 | Critical | 10.0 | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to in… |
CVE-2024-2012 | Critical | 9.1 | 2024-06-11 | vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on… |
CVE-2024-2011 | High | 8.6 | 2024-06-11 | A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execut… |
CVE-2022-3929 | High | 8.3 | 2023-01-05 | Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture)… |
CVE-2024-28020 | High | 8.0 | 2024-06-11 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the… |
CVE-2022-3927 | High | 8.0 | 2023-01-05 | The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that… |
CVE-2024-28021 | High | 7.4 | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof… |
CVE-2022-3928 | High | 7.1 | 2023-01-05 | Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the i… |
CVE-2021-40342 | High | 7.1 | 2023-01-05 | In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive info… |
CVE-2021-40341 | High | 7.1 | 2023-01-05 | DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Success… |
CVE-2024-28022 | Medium | 6.5 | 2024-06-11 | A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts usin… |
CVE-2024-28024 | Medium | 4.1 | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another contr… |
CVE-2023-1711 | Medium | 4.0 | 2023-05-30 | A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited… |