CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28020
https://notcve.org/view.php?id=CVE-2024-28020
11 Jun 2024 — A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a o... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-286: Incorrect User Management •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28024
https://notcve.org/view.php?id=CVE-2024-28024
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. Existe una vulnerabilidad en FOXMAN-UN/UNEM en la que información confidencial se almacena en texto plano dentro de un recurso que podría ser accesible a otra esfera de control. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-28021
https://notcve.org/view.php?id=CVE-2024-28021
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM que afecta la validación de certificados del mecanismo de cola de mensajes. Si se explota, un atacante podría falsificar una entidad confiable y provocar una pérdida de confidencialidad e integridad. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
11 Jun 2024 — A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fuera del alcance de la ... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2012
https://notcve.org/view.php?id=CVE-2024-2012
11 Jun 2024 — vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM API Gateway que, si se explota, un atacante podría usar para permitir que se ejecuten comandos o códigos no deseados en el servidor UNEM, lo que permitiría leer o modificar datos confidenciales... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2013
https://notcve.org/view.php?id=CVE-2024-2013
11 Jun 2024 — An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. Existe una vulnerabilidad de omisión de autenticación en el servidor FOXMAN-UN/UNEM componente API Gateway que, si se explota, permite a atacantes sin ningún acceso interactuar con los servicios y la superficie de ataque posterior a la autenticación. An authentication bypass vulnerabi... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2378
https://notcve.org/view.php?id=CVE-2024-2378
30 Apr 2024 — A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations. Existe una vulnerabilidad en el componente de autenticación web del SDM600. Si es explotado, un atacante podría aumentar los privilegios de las instalaciones afectadas. • https://github.com/HazardLab-IO/CVE-2024-23780 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2022-3864
https://notcve.org/view.php?id=CVE-2022-3864
04 Jan 2024 — A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. Existe una vulnerabilidad en la validaci... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2022-2081
https://notcve.org/view.php?id=CVE-2022-2081
04 Jan 2024 — A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function. Existe una vulnerabilidad en la función HCI Modbus TCP ... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-6711
https://notcve.org/view.php?id=CVE-2023-6711
19 Dec 2023 — Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. Existe una vulnerabilidad en SCI IEC 60870-5-104 y HCI IEC 60870-5-104 que afecta a las versiones de productos de RTU500 series que se enumeran a continuación. Los mensajes especialmente manipulados enviado... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000184&languageCode=en&Preview=true • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •