CVE-2024-28021 HIGH

Published: 2024-06-11 | Last Modified: 2024-11-21 | Status: Modified

Description

A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.

Additional Descriptions (1)

Existe una vulnerabilidad en el servidor FOXMAN-UN/UNEM que afecta la validación de certificados del mecanismo de cola de mensajes. Si se explota, un atacante podría falsificar una entidad confiable y provocar una pérdida de confidencialidad e integridad.

CVSS Metrics

Base Score: 7.4 (HIGH)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector	NETWORK
Attack Complexity	HIGH
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 5.2

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-295
[email protected]	Primary	en CWE-295

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	foxman-un	r15b	<built-in method update of dict object at 0x72a9b0cd7740>	Application
hitachienergy	foxman-un	r16b	<built-in method update of dict object at 0x72a9b0cd5600>	Application
hitachienergy	foxman_un	r15a	<built-in method update of dict object at 0x72a9b0cd5840>	Application
hitachienergy	foxman_un	r16a	<built-in method update of dict object at 0x72a9b0ca5980>	Application
hitachienergy	unem	r15a	<built-in method update of dict object at 0x72a9b0cd49c0>	Application
hitachienergy	unem	r15b	<built-in method update of dict object at 0x72a9b0cd7f40>	Application
hitachienergy	unem	r16a	<built-in method update of dict object at 0x72a9b0cd45c0>	Application
hitachienergy	unem	r16b	<built-in method update of dict object at 0x72a9ccf28980>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4::::::`
Yes	`cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2::::::`
Yes	`cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r15a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r15b:pc4::::::`
Yes	`cpe:2.3:a:hitachienergy:unem:r16a:::::::*`
Yes	`cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::`

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
Source: [email protected]

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
Source: [email protected]

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory