cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-28020,https://securityvulnerability.io/vulnerability/CVE-2024-28020,Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management,"A vulnerability exists in the FOXMAN-UN and UNEM applications developed by Hitachi Energy, where user/password reuse can be exploited. This flaw enables high-privileged malicious users to utilize stored passwords and login credentials through intricate routines, potentially extending their unauthorized access to the server and other associated services. Organizations utilizing these applications should assess their environments for potential exploitation pathways and implement appropriate security measures.",Hitachi,"Foxman-un,Unem",8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-06-11T18:20:35.573Z,0
CVE-2024-28024,https://securityvulnerability.io/vulnerability/CVE-2024-28024,Vulnerability in FOXMAN-UN/UNEM Exposes Sensitive Information to Unauthorized Access,"A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.",Hitachi,"Foxman-un,Unem",4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T18:17:54.877Z,0
CVE-2024-28022,https://securityvulnerability.io/vulnerability/CVE-2024-28022,Arbitrary Authentication Attempts Vulnerability,"A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.",Hitachi,"Foxman-un,Unem",6.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-06-11T18:15:42.349Z,0
CVE-2024-28023,https://securityvulnerability.io/vulnerability/CVE-2024-28023,Unintended Actors May Access Sensitive Information or Execute Arbitrary Code via Vulnerability in Message Queueing Mechanism,"A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.",Hitachi,"Foxman-un,Unem",5.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T13:55:56.127Z,0
CVE-2024-28021,https://securityvulnerability.io/vulnerability/CVE-2024-28021,Vulnerability in FOXMAN-UN/UNEM Server Could Lead to Loss of Confidentiality and Integrity,"A vulnerability has been identified in the FOXMAN-UN and FOXMAN-UNEM servers related to the inadequate validation of certificates within their message queueing mechanisms. This shortcoming allows an attacker to potentially spoof a trusted entity, which can lead to significant risks, including unauthorized access to sensitive information and compromised data integrity. Organizations utilizing these products are encouraged to review their security posture and implement necessary safeguards to mitigate this vulnerability.",Hitachi,"Foxman-un,Unem",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-06-11T13:30:12.765Z,0
CVE-2024-2011,https://securityvulnerability.io/vulnerability/CVE-2024-2011,Heap-Based Buffer Overflow Vulnerability in FOXMAN-UN/UNEM Could Lead to Denial of Service or Arbitrary Code Execution,"A serious heap-based buffer overflow vulnerability exists in the FOXMAN-UN and UNEM products from Hitachi Energy. This flaw, if exploited, could lead to denial of service for applications utilizing these products. Additionally, attackers could potentially execute arbitrary code, which poses a significant risk as it may operate outside the program's security policies. Special precautions are recommended to mitigate potential exploitation of this vulnerability.",Hitachi,"Foxman-un,Unem",9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-06-11T13:24:58.764Z,0
CVE-2024-2012,https://securityvulnerability.io/vulnerability/CVE-2024-2012,Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway,"A vulnerability exists within the FOXMAN-UN/UNEM server and API Gateway that poses a significant risk if exploited. Attackers could potentially send unauthorized commands or inject harmful code into the UNEM server, compromising sensitive data integrity and confidentiality. This may enable the reading or alteration of critical information, resulting in unpredictable application behavior and serious security implications.",Hitachi,"Foxman-un,Unem",9.8,CRITICAL,0.000910000002477318,false,true,true,true,,false,false,2024-06-11T13:16:29.566Z,0
CVE-2024-2013,https://securityvulnerability.io/vulnerability/CVE-2024-2013,Authentication Bypass Vulnerability Affects FOXMAN-UN/UNEM Server/API Gateway,"An authentication bypass vulnerability in the FOXMAN-UN/UNEM server and API Gateway, developed by Hitachi Energy, allows attackers to exploit the system without needing proper authentication. This vulnerability enables unauthorized interaction with the application's services, significantly widening the attack surface for post-authentication threats. It poses serious risks as it permits malicious actors to access sensitive functionalities and data that should be restricted to authenticated users, leading to potential data breaches and compromised system integrity.",Hitachi,"Foxman-un,Unem",10,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-06-11T13:14:40.501Z,0
CVE-2024-2462,https://securityvulnerability.io/vulnerability/CVE-2024-2462,,"Allow attackers to intercept or falsify data exchanges between the client and the server",Hitachi,"Foxman-un,Fox61x,Foxcst,Unem,Xmc20,Ecst",,,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T12:48:57.963Z,0
CVE-2023-1711,https://securityvulnerability.io/vulnerability/CVE-2023-1711,,"A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*",Hitachi,"FOXMAN-UN,UNEM",4.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2023-05-30T19:15:00.000Z,0
CVE-2022-3929,https://securityvulnerability.io/vulnerability/CVE-2022-3929,Communication between the client and server partially using CORBA over TCP/IP,"The vulnerability arises from the use of CORBA (Common Object Request Broker Architecture) for client-server communications in Hitachi Energy's FOXMAN-UN and UNEM products. This architecture operates over TCP/IP without encryption, potentially allowing malicious actors to trace internal messages. As a result, sensitive information could be intercepted, posing a significant risk to system integrity and confidentiality.",Hitachi,"Foxman-un,Unem",8.3,HIGH,0.0022100000642240047,false,false,false,false,,false,false,2023-01-05T21:54:51.823Z,0
CVE-2022-3928,https://securityvulnerability.io/vulnerability/CVE-2022-3928,Hardcoded credential is found in the message queue,"An issue has been identified within multiple versions of FOXMAN-UN and UNEM products from Hitachi Energy, where hardcoded credentials are present in the internal message queue. This flaw allows attackers with access to exploit these credentials, potentially leading to unauthorized access to sensitive data within the message queue, posing significant risks to the integrity and confidentiality of the system.",Hitachi,"Foxman-un,Unem",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-01-05T21:50:47.595Z,0
CVE-2022-3927,https://securityvulnerability.io/vulnerability/CVE-2022-3927,The affected products store public and private key that are used to sign and protect custom parameter set files from modification.,"This vulnerability allows an attacker to compromise the security of FOXMAN-UN and UNEM products by accessing public and private keys used to sign and protect Custom Parameter Set (CPS) files. By exploiting this flaw, an attacker can modify the CPS files and re-sign them, making them appear authentic. This manipulation poses significant risks, as it may lead to unauthorized actions or data integrity violations within the affected systems.",Hitachi,"Foxman-un,Unem",8,HIGH,0.0022100000642240047,false,false,false,false,,false,false,2023-01-05T21:41:38.258Z,0
CVE-2021-40342,https://securityvulnerability.io/vulnerability/CVE-2021-40342,Use of default key for encryption,"A vulnerability exists in the DES implementation of Hitachi Energy's FOXMAN-UN and UNEM products, where a default key is used for encryption. This flaw could allow attackers to exploit the system to gain access to sensitive information and potentially compromise network elements managed by the affected products.",Hitachi,"Foxman-un,Unem",7.1,HIGH,0.0020000000949949026,false,false,false,false,,false,false,2023-01-05T21:27:02.929Z,0
CVE-2021-40341,https://securityvulnerability.io/vulnerability/CVE-2021-40341,Weak DES encryption,"The FOXMAN-UN and UNEM products by Hitachi Energy utilize the DES cipher for encrypting user credentials, presenting a significant risk due to its inadequate encryption strength. This deficiency enables potential attackers to decrypt sensitive information easily, putting user credentials at risk. Affected versions include multiple iterations of the FOXMAN-UN and UNEM, making it crucial for users to assess their security measures to safeguard sensitive information.",Hitachi,"Foxman-un,Unem",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-01-05T21:26:42.760Z,0