CVE-2024-28021 - Vulnerability Details

Description

A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message
queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality
and integrity.

Published: 2024-06-11

Score: 7.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi Energy

FOXMAN-UN

unaffected

Version	Status	Constraints
`FOXMAN-UN R16B PC2`	affected	—
`FOXMAN-UN R16B PC3`	unaffected	≤ FOXMAN-UN R16B PC4
`FOXMAN-UN R15B PC4`	affected	—
`FOXMAN-UN R15B PC5`	unaffected	—

Hitachi Energy

UNEM

unaffected

Version	Status	Constraints
`UNEM R16B PC2`	affected	—
`UNEM R16B PC3`	unaffected	≤ UNEM R16B PC4
`UNEM R15B PC4`	affected	—
`UNEM R15B PC5`	unaffected	—

Configuration 1 [-]

OR	cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2::::::
	cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:pc4::::::
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-25195	A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00131.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

History

Tue, 29 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:hitachienergy:foxman-un:::::::: cpe:2.3:a:hitachienergy:unem::::::::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 29 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N'}`	cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Thu, 15 Aug 2024 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachienergy Hitachienergy foxman-un Hitachienergy foxman Un Hitachienergy unem
CPEs		cpe:2.3:a:hitachienergy:foxman-un:r15b:pc4:::::: cpe:2.3:a:hitachienergy:foxman-un:r16b:pc2:::::: cpe:2.3:a:hitachienergy:foxman_un:r15a:::::::* cpe:2.3:a:hitachienergy:foxman_un:r16a:::::::* cpe:2.3:a:hitachienergy:unem:r15a:::::::* cpe:2.3:a:hitachienergy:unem:r15b:pc4:::::: cpe:2.3:a:hitachienergy:unem:r16a:::::::* cpe:2.3:a:hitachienergy:unem:r16b:pc2::::::
Vendors & Products		Hitachienergy Hitachienergy foxman-un Hitachienergy foxman Un Hitachienergy unem

Subscriptions

Hitachienergy Foxman-un Foxman Un Unem

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2024-06-11T13:30:12.765Z

Updated: 2024-10-29T14:27:45.146Z

Reserved: 2024-02-29T13:42:00.746Z

Link: CVE-2024-28021

Vulnrichment

Updated: 2024-08-02T00:48:47.815Z

NVD

Status : Modified

Published: 2024-06-11T14:15:10.587

Modified: 2024-11-21T09:05:39.497

Link: CVE-2024-28021

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-295

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object