CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true	Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::*
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

History

30 Oct 2024, 14:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.9~~	v2 : unknown v3 : 8.0

29 Oct 2024, 15:15

Type	Values Removed	Values Added
Summary	(en) A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services.	(en) A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.

09 Oct 2024, 17:08

Type	Values Removed	Values Added
CPE	cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16b:::::::* cpe:2.3:a:hitachienergy:foxman_un:r15b:::::::*	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::* cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::*
First Time		Hitachienergy foxman-un

15 Aug 2024, 21:32

Type	Values Removed	Values Added
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true -~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true - Vendor Advisory
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true -~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - Vendor Advisory
CPE		cpe:2.3:a:hitachienergy:unem:r15b:::::::* cpe:2.3:a:hitachienergy:foxman_un:r15b:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::* cpe:2.3:a:hitachienergy:unem:r16b:::::::* cpe:2.3:a:hitachienergy:unem:r15a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::* cpe:2.3:a:hitachienergy:unem:r16a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16b:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 9.9
First Time		Hitachienergy foxman Un Hitachienergy Hitachienergy unem
CWE		NVD-CWE-noinfo

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a otros servicios.

11 Jun 2024, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 19:16

Updated : 2024-10-30 14:23

NVD link : CVE-2024-28020

Mitre link : CVE-2024-28020

CVE.ORG link : CVE-2024-28020

JSON object : View

Products Affected

hitachienergy

foxman-un
unem

CWE

NVD-CWE-noinfo CWE-286

Incorrect User Management

8.0 /10