The affected products store public and private key that are used to sign and protect custom parameter set files from modification.
CVE-2022-3927

8HIGH

Key Information:

Vendor
Hitachi
Status
Foxman-un
Unem
Vendor
CVE Published:
5 January 2023

Summary

This vulnerability allows an attacker to compromise the security of FOXMAN-UN and UNEM products by accessing public and private keys used to sign and protect Custom Parameter Set (CPS) files. By exploiting this flaw, an attacker can modify the CPS files and re-sign them, making them appear authentic. This manipulation poses significant risks, as it may lead to unauthorized actions or data integrity violations within the affected systems.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R15A

FOXMAN-UN FOXMAN-UN R14B

References

https://search.abb.com/library/Download.aspx?DocumentID=8...
https://search.abb.com/library/Download.aspx?DocumentID=8...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

K-Businessom AG, Austria
.