CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*

History

30 Oct 2024, 14:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.9
v2 : unknown
v3 : 8.0

29 Oct 2024, 15:15

Type Values Removed Values Added
Summary (en) A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM  application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. (en) A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.

09 Oct 2024, 17:08

Type Values Removed Values Added
CPE cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*
First Time Hitachienergy foxman-un

15 Aug 2024, 21:32

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.0
v2 : unknown
v3 : 9.9
First Time Hitachienergy foxman Un
Hitachienergy
Hitachienergy unem
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
References () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true - () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true - Vendor Advisory
References () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true - Vendor Advisory

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a otros servicios.

11 Jun 2024, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 19:16

Updated : 2024-10-30 14:23


NVD link : CVE-2024-28020

Mitre link : CVE-2024-28020

CVE.ORG link : CVE-2024-28020


JSON object : View

Products Affected

hitachienergy

  • foxman-un
  • unem
CWE
NVD-CWE-noinfo CWE-286

Incorrect User Management