CVE-2021-40342 CRITICAL

Published: 2023-01-05 | Last Modified: 2024-11-21 | Status: Modified

Description

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Additional Descriptions (1)

En la implementación de DES, las versiones de producto afectadas utilizan una clave predeterminada para el cifrado. La explotación exitosa permite a un atacante obtener información confidencial y acceso a los elementos de red administrados por las versiones de los productos afectados. Este problema afecta a: * FOXMAN-UN: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN -ONU R9C; * UNEM: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. Lista de CPE: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-798
[email protected]	Primary	en CWE-287

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	foxman-un	r9c	<built-in method update of dict object at 0x72a99a640c80>	Application
hitachienergy	foxman-un	r10c	<built-in method update of dict object at 0x72a99a640400>	Application
hitachienergy	foxman-un	r11a	<built-in method update of dict object at 0x72a99a642480>	Application
hitachienergy	foxman-un	r11b	<built-in method update of dict object at 0x72a9cdf03200>	Application
hitachienergy	foxman-un	r14a	<built-in method update of dict object at 0x72a99a6424c0>	Application
hitachienergy	foxman-un	r14b	<built-in method update of dict object at 0x72a99a643c80>	Application
hitachienergy	foxman-un	r15a	<built-in method update of dict object at 0x72a9b091ab00>	Application
hitachienergy	foxman-un	r15b	<built-in method update of dict object at 0x72a99a641b00>	Application
hitachienergy	foxman-un	r16a	<built-in method update of dict object at 0x72a99a643800>	Application
hitachienergy	unem	r9c	<built-in method update of dict object at 0x72a99a642880>	Application
hitachienergy	unem	r10c	<built-in method update of dict object at 0x72a9b0b48e80>	Application
hitachienergy	unem	r11a	<built-in method update of dict object at 0x72a99a6421c0>	Application
hitachienergy	unem	r11b	<built-in method update of dict object at 0x72a9b0b48f40>	Application
hitachienergy	unem	r14a	<built-in method update of dict object at 0x72a9b0b4b1c0>	Application
hitachienergy	unem	r14b	<built-in method update of dict object at 0x72a99a640b40>	Application
hitachienergy	unem	r15a	<built-in method update of dict object at 0x72a99a7f2940>	Application
hitachienergy	unem	r15b	<built-in method update of dict object at 0x72a99a641d40>	Application
hitachienergy	unem	r16a	<built-in method update of dict object at 0x72a99a6400c0>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r9c:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r10c:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r11a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r11b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r14a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r14b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r9c:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r10c:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r11a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r11b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r14a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r14b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r15b:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r16a:::::::*`

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Vendor Advisory