CVE-2021-40341
Published 2023-01-05
CVE-2021-40341: DES cipher, which has inadequate encryption strength, is used by Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements…
Priority P422 · medium · 5.5 · CVSS 3.1
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.08% (0.4th percentile)
DES cipher, which has inadequate encryption strength, is used by Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily.
This issue affects:
- FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C
- UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C
List of CPEs:
- cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | unem | — | — |
| hitachienergy | foxman-un | — | — |
CISA ICS
Hitachi Energy UNEM
cisa_ics·2023-01-11·CVSS 7.1
[HIGH] Hitachi Energy UNEM
ICS Advisory
## Hitachi Energy UNEM
Last Revised: January 11, 2023
Alert Code: ICSA-23-005-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: UNEM
- Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthorized user to obtain sensitive information and gain access to the network elements managed by the UNEM, and could cause an availability issue on affected UNEM products.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports these vulnerabilities affect the following UNEM products:
- UNEM R16A
CISA ICS
Hitachi Energy FOXMAN-UN
cisa_ics·2023-01-05·CVSS 7.1
[HIGH] Hitachi Energy FOXMAN-UN
ICS Advisory
## Hitachi Energy FOXMAN-UN
Last Revised: January 05, 2023
Alert Code: ICSA-23-005-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOXMAN-UN
- Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthorized user to obtain sensitive information and gain access to the network elements managed by the FOXMAN-UN, and could cause an availability issue on affected FOXMAN-UN products.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports these vulner
GHSA
GHSA-xg5w-j24m-8379: DES cipher, which has inadequate encryption strength, is used by Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements
ghsa_unreviewed·2023-01-06
CVE-2021-40341 [MEDIUM] CWE-326 GHSA-xg5w-j24m-8379: DES cipher, which has inadequate encryption strength, is used by Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Published: 2023-01-05