Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway
CVE-2024-2012

9.8CRITICAL

Key Information:

Vendor
Hitachi
Status
Foxman-un
Unem
Vendor
CVE Published:
11 June 2024

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists

Summary

A vulnerability exists within the FOXMAN-UN/UNEM server and API Gateway that poses a significant risk if exploited. Attackers could potentially send unauthorized commands or inject harmful code into the UNEM server, compromising sensitive data integrity and confidentiality. This may enable the reading or alteration of critical information, resulting in unpredictable application behavior and serious security implications.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B PC2

FOXMAN-UN FOXMAN-UN R15B PC4

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.