Hardcoded credential is found in the message queue
CVE-2022-3928

7.1HIGH

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 5 January 2023

What is CVE-2022-3928?

An issue has been identified within multiple versions of FOXMAN-UN and UNEM products from Hitachi Energy, where hardcoded credentials are present in the internal message queue. This flaw allows attackers with access to exploit these credentials, potentially leading to unauthorized access to sensitive data within the message queue, posing significant risks to the integrity and confidentiality of the system.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R15A

FOXMAN-UN FOXMAN-UN R14B

References

https://search.abb.com/library/Download.aspx?DocumentID=8...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
Nov 10, 2022

Credit

K-Businessom AG, Austria