CVE-2024-28020
Published 2024-06-11
Priority P3 · 41 · high · 8 · CVSS 3.1
AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.37% (28.5th percentile)
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited, a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
CISA ICS
Hitachi Energy UNEM
cisa_ics·2025-01-30·CVSS 8.6
[HIGH] Hitachi Energy UNEM
ICS Advisory
## Hitachi Energy UNEM
Release Date: January 30, 2025
Alert Code: ICSA-25-030-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: UNEM
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service,
CISA ICS
Hitachi Energy FOXMAN-UN
cisa_ics·2025-01-14·CVSS 8.6
[HIGH] Hitachi Energy FOXMAN-UN
ICS Advisory
## Hitachi Energy FOXMAN-UN
Release Date: January 14, 2025
Alert Code: ICSA-25-014-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOXMAN-UN
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), Heap-based Buffer Overflow, Incorrect User Management, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of t
GHSA
GHSA-94mv-6g8w-jxvx: A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management
ghsa_unreviewed·2024-06-11
CVE-2024-28020 [HIGH] CWE-286 GHSA-94mv-6g8w-jxvx: A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
2024-06-11: Published