Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management
CVE-2024-28020

8HIGH

Key Information:

Vendor
Hitachi
Status
Foxman-un
Unem
Vendor
CVE Published:
11 June 2024

Summary

A vulnerability exists in the FOXMAN-UN and UNEM applications developed by Hitachi Energy, where user/password reuse can be exploited. This flaw enables high-privileged malicious users to utilize stored passwords and login credentials through intricate routines, potentially extending their unauthorized access to the server and other associated services. Organizations utilizing these applications should assess their environments for potential exploitation pathways and implement appropriate security measures.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...
https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.