Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unem
(Hitachienergy)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-11 | CVE-2024-28021 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | Foxman\-Un, Foxman_un, Unem | 7.4 | ||
| 2024-06-11 | CVE-2024-2011 | A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | Foxman\-Un, Unem | 9.8 | ||
| 2024-06-11 | CVE-2024-2012 | vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | Foxman\-Un, Unem | 9.8 | ||
| 2024-06-11 | CVE-2024-2013 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | Foxman\-Un, Unem | 10.0 | ||
| 2024-06-11 | CVE-2024-28020 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. | Foxman_un, Unem | 9.9 | ||
| 2024-06-11 | CVE-2024-28022 | A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. | Foxman\-Un, Unem | 5.6 | ||
| 2024-06-11 | CVE-2024-28024 | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | Foxman\-Un, Unem | 4.1 | ||
| 2023-05-30 | CVE-2023-1711 | A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * ... | Foxman\-Un, Unem | 4.4 | ||
| 2023-01-05 | CVE-2021-40341 | DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A,... | Foxman\-Un, Unem | 5.5 | ||
| 2023-01-05 | CVE-2021-40342 | In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B,... | Foxman\-Un, Unem | 9.8 |