CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch	Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch	Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch	Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachienergy:foxman-un:r9c:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r10c:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r11a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r11b:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r14a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r14b:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r9c:::::::*
	cpe:2.3:a:hitachienergy:unem:r10c:::::::*
	cpe:2.3:a:hitachienergy:unem:r11a:::::::*
	cpe:2.3:a:hitachienergy:unem:r11b:::::::*
	cpe:2.3:a:hitachienergy:unem:r14a:::::::*
	cpe:2.3:a:hitachienergy:unem:r14b:::::::*
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*

History

21 Nov 2024, 06:23

Type	Values Removed	Values Added
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch - Mitigation, Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch - Mitigation, Vendor Advisory
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch - Mitigation, Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.1
Summary		(es) En la implementación de DES, las versiones de producto afectadas utilizan una clave predeterminada para el cifrado. La explotación exitosa permite a un atacante obtener información confidencial y acceso a los elementos de red administrados por las versiones de los productos afectados. Este problema afecta a: * FOXMAN-UN: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN -ONU R9C; * UNEM: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. Lista de CPE: * cpe:2.3:a:hitachienergy:foxman-un:R16A:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R15B:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R15A:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R14B:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R14A:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R11B:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R11A:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R10C:::::::* * cpe:2.3:a:hitachienergy:foxman-un:R9C:::::::* * cpe:2.3:a:hitachienergy:unem:R16A:::::::* * cpe:2.3:a:hitachienergy:unem:R15B:::::::* * cpe:2.3:a:hitachienergy:unem:R15A:::::::* * cpe:2.3:a:hitachienergy:unem:R14B:::::::* * cpe:2.3:a:hitachienergy:unem:R14A:::::::* * cpe:2.3:a:hitachienergy:unem:R11B:::::::* * cpe:2.3:a:hitachienergy:unem:R11A:::::::* * cpe:2.3:a:hitachienergy:unem:R10C:::::::* * cpe:2.3:a:hitachienergy:unem:R9C:::::::*

17 Jul 2023, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-05 22:15

Updated : 2024-11-21 06:23

NVD link : CVE-2021-40342

Mitre link : CVE-2021-40342

CVE.ORG link : CVE-2021-40342

JSON object : View

Products Affected

hitachienergy

foxman-un
unem

CWE

CWE-798

Use of Hard-coded Credentials

CWE-287

Improper Authentication

7.1 /10