Hitachienergy Foxman-un — known CVE vulnerabilities
Every CVE whose affected-product data names Hitachienergy Foxman-un, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-2013 — CVSS 10.0 (critical): An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers…
CVE-2024-2012 — CVSS 9.1 (critical): vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or…
CVE-2024-2011 — CVSS 8.6 (high): A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but…
CVE-2022-3929 — CVSS 8.3 (high): Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request…
CVE-2022-3927 — CVSS 8.0 (high): The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from…
CVE-2024-28020 — CVSS 8.0 (high): A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious…
CVE-2024-28021 — CVSS 7.4 (high): A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an…
CVE-2021-40341 — CVSS 7.1 (high): DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the…
CVE-2021-40342 — CVSS 7.1 (high): In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to…
CVE-2022-3928 — CVSS 7.1 (high): Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to…
CVE-2024-28022 — CVSS 6.5 (medium): A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of…
CVE-2024-28024 — CVSS 4.1 (medium): A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be…
CVE-2023-1711 — CVSS 4.0 (medium): A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network…