CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true	Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman_un:r15b:::::::*
	cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::*
	cpe:2.3:a:hitachienergy:foxman_un:r16b:::::::*
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

History

15 Aug 2024, 21:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 9.9
CPE		cpe:2.3:a:hitachienergy:unem:r15b:::::::* cpe:2.3:a:hitachienergy:unem:r16b:::::::* cpe:2.3:a:hitachienergy:unem:r16a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r15b:::::::* cpe:2.3:a:hitachienergy:unem:r15a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16b:::::::* cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::*
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true -~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true - Vendor Advisory
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true -~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - Vendor Advisory
First Time		Hitachienergy unem Hitachienergy Hitachienergy foxman Un
CWE		NVD-CWE-noinfo

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a otros servicios.

11 Jun 2024, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 19:16

Updated : 2024-08-15 21:32

NVD link : CVE-2024-28020

Mitre link : CVE-2024-28020

CVE.ORG link : CVE-2024-28020

JSON object : View

Products Affected

hitachienergy

unem
foxman_un

CWE

NVD-CWE-noinfo CWE-286

Incorrect User Management

9.9 /10