CVE-2024-28023
Published 2024-06-11
Priority P424 · medium · 5.7 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
EPSS: 0.17% (6.3th percentile)
A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
CISA ICS
Hitachi Energy UNEM
cisa_ics·2025-01-30·CVSS 8.6
[HIGH] Hitachi Energy UNEM
ICS Advisory
## Hitachi Energy UNEM
Release Date: January 30, 2025
Alert Code: ICSA-25-030-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: UNEM
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service,
CISA ICS
Hitachi Energy FOXMAN-UN
cisa_ics·2025-01-14·CVSS 8.6
[HIGH] Hitachi Energy FOXMAN-UN
ICS Advisory
## Hitachi Energy FOXMAN-UN
Release Date: January 14, 2025
Alert Code: ICSA-25-014-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOXMAN-UN
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), Heap-based Buffer Overflow, Incorrect User Management, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of t
GHSA
GHSA-mp2w-fjq2-347v: A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors
ghsa_unreviewed·2024-06-11
CVE-2024-28023 [MEDIUM] CWE-259 GHSA-mp2w-fjq2-347v: A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors
A vulnerability exists in the message queueing mechanism that, if exploited, can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-11