Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management
CVE-2024-28020

8HIGH

Key Information:

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-28020?

A vulnerability exists in the FOXMAN-UN and UNEM applications developed by Hitachi Energy, where user/password reuse can be exploited. This flaw enables high-privileged malicious users to utilize stored passwords and login credentials through intricate routines, potentially extending their unauthorized access to the server and other associated services. Organizations utilizing these applications should assess their environments for potential exploitation pathways and implement appropriate security measures.

Affected Version(s)

FOXMAN-UN FOXMAN-UN R16B

FOXMAN-UN FOXMAN-UN R15B

FOXMAN-UN FOXMAN-UN R16A

References

https://publisher.hitachienergy.com/preview?DocumentId=8D...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Feb 29, 2024