IronMonkey Threat Research

CVE-2024-28022 MEDIUM

Published: 2024-06-11 | Last Modified: 2025-04-29 | Status: Analyzed

Description

A vulnerability exists in the UNEM server / APIGateway that, if exploited, allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Additional Descriptions (1)

A vulnerability exists in the FOXMAN-UN/UNEM server/APIGateway that, if exploited, allows a malicious user to perform an arbitrary number of authentication attempts using different passwords and, eventually, gain access to the targeted account.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 3.7

Weaknesses

Source Type Description
[email protected] Secondary en CWE-307
[email protected] Primary en CWE-307

Affected Products

Vendor Product Version Update Type
hitachienergy foxman-un r15a - Application
hitachienergy foxman-un r15b - Application
hitachienergy foxman-un r16a - Application
hitachienergy foxman-un r16b - Application
hitachienergy unem r15a - Application
hitachienergy unem r15b - Application
hitachienergy unem r16a - Application
hitachienergy unem r16b - Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*