{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-40342", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2021-08-31T20:24:21.499Z", "datePublished": "2023-01-05T21:27:02.929Z", "dateUpdated": "2024-08-04T02:27:31.935Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FOXMAN-UN", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "FOXMAN-UN R16A"}, {"status": "affected", "version": "FOXMAN-UN R15B"}, {"status": "affected", "version": "FOXMAN-UN R15A"}, {"status": "affected", "version": "FOXMAN-UN R14B"}, {"status": "affected", "version": "FOXMAN-UN R14A"}, {"status": "affected", "version": "FOXMAN-UN R11B"}, {"status": "affected", "version": "FOXMAN-UN R11A"}, {"status": "affected", "version": "FOXMAN-UN R10C"}, {"status": "affected", "version": "FOXMAN-UN R9C"}]}, {"defaultStatus": "unaffected", "product": "UNEM", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "UNEM R16A"}, {"status": "affected", "version": "UNEM R15B"}, {"status": "affected", "version": "UNEM R15A"}, {"status": "affected", "version": "UNEM R14B"}, {"status": "affected", "version": "UNEM R14A"}, {"status": "affected", "version": "UNEM R11B"}, {"status": "affected", "version": "UNEM R11A"}, {"status": "affected", "version": "UNEM R10C"}, {"status": "affected", "version": "UNEM R9C"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "K-Businessom AG, Austria"}], "datePublic": "2022-12-13T13:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.</span>\n\n<p>\n\n</p><p>This issue affects </p><p></p><ul><li>FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; </li><li>UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.</li></ul><p></p>List of CPEs: <br><ul><li>cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*</li><li>cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*</li></ul>\n\n<p></p>"}], "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2023-01-05T21:27:02.929Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "EXTERNAL"}, "title": "Use of default key for encryption", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n<br><br>For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\n<span style=\"background-color: rgb(255, 255, 255);\">Database contains credentials with weak encryption</span>\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n<br><br>For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory<br><ul><li>Secure the NMS CLIENT/SERVER communication. </li><li>Embedded FOXCST with RADIUS authentication should be avoided. </li><li>Database contains credentials with weak encryption.</li></ul>"}], "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication. \n * Embedded FOXCST with RADIUS authentication should be avoided. \n * Database contains credentials with weak encryption.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.935Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r9c:*:*:*:*:*:*:*", "matchCriteriaId": "CF6EBF5E-662C-4B47-A683-05EBA284A1EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r10c:*:*:*:*:*:*:*", "matchCriteriaId": "900AF3F4-5C0B-48B9-91ED-5AABC42C0387", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r11a:*:*:*:*:*:*:*", "matchCriteriaId": "9CD89F83-BB89-45D4-BD95-7E9622C60948", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r11b:*:*:*:*:*:*:*", "matchCriteriaId": "33C7B43C-BC45-4151-BB30-9FBE9E737BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r14a:*:*:*:*:*:*:*", "matchCriteriaId": "F1338D86-A03D-4604-A6E5-31244F18D919", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r14b:*:*:*:*:*:*:*", "matchCriteriaId": "B93B58ED-E004-4B52-A691-C771B34DD9C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "A7593C74-2882-45D3-AB32-3A45E3AECAAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "47606044-296D-4561-B9DC-82659BC666F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7EE987B2-0620-44BB-AEA7-4E20CBE44822", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r9c:*:*:*:*:*:*:*", "matchCriteriaId": "8FB66BE3-1031-4315-AF85-309BE3C35D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r10c:*:*:*:*:*:*:*", "matchCriteriaId": "F6DF9081-1544-4A69-9D9E-80759289056B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r11a:*:*:*:*:*:*:*", "matchCriteriaId": "C50E14E9-D2BF-4B6C-BF87-C9E4233D3AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r11b:*:*:*:*:*:*:*", "matchCriteriaId": "996564C6-8B44-4E89-A353-79B711A3DBBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r14a:*:*:*:*:*:*:*", "matchCriteriaId": "6AB8CF64-17F7-488D-9763-A1487ECA405D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r14b:*:*:*:*:*:*:*", "matchCriteriaId": "6E96D583-2EBB-4AB2-A473-A0930E3B8D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "C3168F38-7B9E-4F4D-B6D0-1BAFB5FE05F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.\n\n\n\n\n\nThis issue affects \n\n\n\n * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n"}, {"lang": "es", "value": "En la implementaci\u00f3n de DES, las versiones de producto afectadas utilizan una clave predeterminada para el cifrado. La explotaci\u00f3n exitosa permite a un atacante obtener informaci\u00f3n confidencial y acceso a los elementos de red administrados por las versiones de los productos afectados. Este problema afecta a: \n * FOXMAN-UN: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN -ONU R9C;\n * UNEM: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\nLista de CPE:\n * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* "}], "id": "CVE-2021-40342", "lastModified": "2024-11-21T06:23:54.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-05T22:15:08.953", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@hitachienergy.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}