Communication between the client and server partially using CORBA over TCP/IP
CVE-2022-3929

8.3HIGH

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 5 January 2023

Summary

The vulnerability arises from the use of CORBA (Common Object Request Broker Architecture) for client-server communications in Hitachi Energy's FOXMAN-UN and UNEM products. This architecture operates over TCP/IP without encryption, potentially allowing malicious actors to trace internal messages. As a result, sensitive information could be intercepted, posing a significant risk to system integrity and confidentiality.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R15A

FOXMAN-UN FOXMAN-UN R14B

References

https://search.abb.com/library/Download.aspx?DocumentID=8...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
Nov 10, 2022

Collectors

NVD DatabaseMitre Database

Credit

K-Businessom AG, Austria