| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects
* FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;
* UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.
List of CPEs:
* cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
|
|
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature
due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports
feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining
unauthorized access to any Power BI reports installed by the customer.
Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions
* Lumada APM on-premises version 6.0.0.0 - 6.4.0.*
List of CPEs:
* cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*
|
|
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.
An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.
Already existing/established client-server connections are not affected.
List of affected CPEs:
* cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
* cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
|
| A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function. |
| A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow. |
|
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer
system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can
exploit this vulnerability by uploading a crafted ZIP archive via the
network to McFeeder’s service endpoint.
|
|
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
|
|
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be
abused for enumerating the local file system structure.
|
|
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against
web servers and deployed web applications.
|
|
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing
information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,
backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
|
| A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
|
| A vulnerability exists in the SDM600 API web services authorization validation implementation.
An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
|
| A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
|
|
A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.
This issue affects: All SDM600 versions prior to version 1.3.0.
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:*:*:*:*:*:*:*
|
| A vulnerability exists in the SDM600 file permission validation.
An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
|
| A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements.
If exploited an attacker could obtain confidential information.
List of CPEs:
* cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*
*
* cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*
|
| Profile files from TRO600 series radios are extracted in plain-text
and encrypted file formats. Profile files provide potential attackers
valuable configuration information about the Tropos network. Profiles
can only be exported by authenticated users with higher privilege of write access. |
| A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could
cause account takeover and unauthorized access to the system
when an attacker conducts brute-force attacks against the
equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second
between failed login attempts making it difficult to automate the
attacks. |
| An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway component that if exploited allows attackers without
any access to interact with the services and the post-authentication
attack surface. |
| vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or
code to be executed on the UNEM server allowing sensitive data to
be read or modified or could cause other unintended behavior |
