{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-40342", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2021-08-31T20:24:21.499Z", "datePublished": "2023-01-05T21:27:02.929Z", "dateUpdated": "2024-08-04T02:27:31.935Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FOXMAN-UN", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "FOXMAN-UN R16A"}, {"status": "affected", "version": "FOXMAN-UN R15B"}, {"status": "affected", "version": "FOXMAN-UN R15A"}, {"status": "affected", "version": "FOXMAN-UN R14B"}, {"status": "affected", "version": "FOXMAN-UN R14A"}, {"status": "affected", "version": "FOXMAN-UN R11B"}, {"status": "affected", "version": "FOXMAN-UN R11A"}, {"status": "affected", "version": "FOXMAN-UN R10C"}, {"status": "affected", "version": "FOXMAN-UN R9C"}]}, {"defaultStatus": "unaffected", "product": "UNEM", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "UNEM R16A"}, {"status": "affected", "version": "UNEM R15B"}, {"status": "affected", "version": "UNEM R15A"}, {"status": "affected", "version": "UNEM R14B"}, {"status": "affected", "version": "UNEM R14A"}, {"status": "affected", "version": "UNEM R11B"}, {"status": "affected", "version": "UNEM R11A"}, {"status": "affected", "version": "UNEM R10C"}, {"status": "affected", "version": "UNEM R9C"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "K-Businessom AG, Austria"}], "datePublic": "2022-12-13T13:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.</span>\n\n<p>\n\n</p><p>This issue affects </p><p></p><ul><li>FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; </li><li>UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.</li></ul><p></p>List of CPEs: <br><ul><li>cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*</li></ul>\n\n<p></p>"}], "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-01-05T21:27:02.929Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "EXTERNAL"}, "title": "Use of default key for encryption", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n<br><br>For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n<span style=\"background-color: rgb(255, 255, 255);\">Database contains credentials with weak encryption</span>\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n<br><br>For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory<br><ul><li>Secure the NMS CLIENT/SERVER communication. </li><li>Embedded FOXCST with RADIUS authentication should be avoided. </li><li>Database contains credentials with weak encryption.</li></ul>"}], "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication. \n * Embedded FOXCST with RADIUS authentication should be avoided. \n * Database contains credentials with weak encryption.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.935Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r9c:*:*:*:*:*:*:*", "matchCriteriaId": "CF6EBF5E-662C-4B47-A683-05EBA284A1EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r10c:*:*:*:*:*:*:*", "matchCriteriaId": "900AF3F4-5C0B-48B9-91ED-5AABC42C0387", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r11a:*:*:*:*:*:*:*", "matchCriteriaId": "9CD89F83-BB89-45D4-BD95-7E9622C60948", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r11b:*:*:*:*:*:*:*", "matchCriteriaId": "33C7B43C-BC45-4151-BB30-9FBE9E737BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r14a:*:*:*:*:*:*:*", "matchCriteriaId": "F1338D86-A03D-4604-A6E5-31244F18D919", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r14b:*:*:*:*:*:*:*", "matchCriteriaId": "B93B58ED-E004-4B52-A691-C771B34DD9C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "A7593C74-2882-45D3-AB32-3A45E3AECAAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "47606044-296D-4561-B9DC-82659BC666F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7EE987B2-0620-44BB-AEA7-4E20CBE44822", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r9c:*:*:*:*:*:*:*", "matchCriteriaId": "8FB66BE3-1031-4315-AF85-309BE3C35D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r10c:*:*:*:*:*:*:*", "matchCriteriaId": "F6DF9081-1544-4A69-9D9E-80759289056B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r11a:*:*:*:*:*:*:*", "matchCriteriaId": "C50E14E9-D2BF-4B6C-BF87-C9E4233D3AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r11b:*:*:*:*:*:*:*", "matchCriteriaId": "996564C6-8B44-4E89-A353-79B711A3DBBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r14a:*:*:*:*:*:*:*", "matchCriteriaId": "6AB8CF64-17F7-488D-9763-A1487ECA405D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r14b:*:*:*:*:*:*:*", "matchCriteriaId": "6E96D583-2EBB-4AB2-A473-A0930E3B8D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "C3168F38-7B9E-4F4D-B6D0-1BAFB5FE05F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"}], "id": "CVE-2021-40342", "lastModified": "2023-11-07T03:38:33.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2023-01-05T22:15:08.953", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@hitachienergy.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}

{}