CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28020
https://notcve.org/view.php?id=CVE-2024-28020
11 Jun 2024 — A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a o... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-286: Incorrect User Management •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28024
https://notcve.org/view.php?id=CVE-2024-28024
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. Existe una vulnerabilidad en FOXMAN-UN/UNEM en la que información confidencial se almacena en texto plano dentro de un recurso que podría ser accesible a otra esfera de control. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-28021
https://notcve.org/view.php?id=CVE-2024-28021
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM que afecta la validación de certificados del mecanismo de cola de mensajes. Si se explota, un atacante podría falsificar una entidad confiable y provocar una pérdida de confidencialidad e integridad. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
11 Jun 2024 — A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fuera del alcance de la ... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2012
https://notcve.org/view.php?id=CVE-2024-2012
11 Jun 2024 — vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM API Gateway que, si se explota, un atacante podría usar para permitir que se ejecuten comandos o códigos no deseados en el servidor UNEM, lo que permitiría leer o modificar datos confidenciales... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2013
https://notcve.org/view.php?id=CVE-2024-2013
11 Jun 2024 — An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. Existe una vulnerabilidad de omisión de autenticación en el servidor FOXMAN-UN/UNEM componente API Gateway que, si se explota, permite a atacantes sin ningún acceso interactuar con los servicios y la superficie de ataque posterior a la autenticación. An authentication bypass vulnerabi... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-1711
https://notcve.org/view.php?id=CVE-2023-1711
30 May 2023 — A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hi... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3929 – Communication between the client and server partially using CORBA over TCP/IP
https://notcve.org/view.php?id=CVE-2022-3929
05 Jan 2023 — Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3928 – Hardcoded credential is found in the message queue
https://notcve.org/view.php?id=CVE-2022-3928
05 Jan 2023 — Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3927 – The affected products store public and private key that are used to sign and protect custom parameter set files from modification.
https://notcve.org/view.php?id=CVE-2022-3927
05 Jan 2023 — The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM ... • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-798: Use of Hard-coded Credentials •