Hitachienergy Unem

13 CVEs affecting Hitachienergy Unem. Latest disclosed: 2024-06-11. Critical: 2, High: 8.

Top CVEs affecting Hitachienergy Unem
CVESeverityScorePublishedSummary
CVE-2024-2013Critical10.02024-06-11An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to in…
CVE-2024-2012Critical9.12024-06-11vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on…
CVE-2024-2011High8.62024-06-11A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execut…
CVE-2022-3929High8.32023-01-05 Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture)…
CVE-2024-28020High8.02024-06-11A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the…
CVE-2022-3927High8.02023-01-05 The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that…
CVE-2024-28021High7.42024-06-11A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof…
CVE-2022-3928High7.12023-01-05 Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the i…
CVE-2021-40342High7.12023-01-05 In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive info…
CVE-2021-40341High7.12023-01-05DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Success…
CVE-2024-28022Medium6.52024-06-11A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts usin…
CVE-2024-28024Medium4.12024-06-11A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another contr…
CVE-2023-1711Medium4.02023-05-30A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited…