Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Published

2024-06-11T19:16:06.017

Last Modified

2025-04-29T19:40:10.683

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-307
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachienergy	foxman-un	r15a	Yes
Application	hitachienergy	foxman-un	r15b	Yes
Application	hitachienergy	foxman-un	r16a	Yes
Application	hitachienergy	foxman-un	r16b	Yes
Application	hitachienergy	unem	r15a	Yes
Application	hitachienergy	unem	r15b	Yes
Application	hitachienergy	unem	r16a	Yes
Application	hitachienergy	unem	r16b	Yes

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true Vendor Advisory ([email protected])
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true Vendor Advisory ([email protected])
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)