CVE-2024-28024 - OpenCVE

A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachienergy	Foxman-un Unem

Configuration 1 [-]

OR	cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::*
	cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::*
	cpe:2.3:a:hitachienergy:unem:r15a:::::::*
	cpe:2.3:a:hitachienergy:unem:r15b:::::::*
	cpe:2.3:a:hitachienergy:unem:r16a:::::::*
	cpe:2.3:a:hitachienergy:unem:r16b:::::::*

No data.

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

History

Thu, 15 Aug 2024 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachienergy Hitachienergy foxman-un Hitachienergy unem
CPEs		cpe:2.3:a:hitachienergy:foxman-un:r15a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r15b:::::::* cpe:2.3:a:hitachienergy:foxman-un:r16a:::::::* cpe:2.3:a:hitachienergy:foxman-un:r16b:::::::* cpe:2.3:a:hitachienergy:unem:r15a:::::::* cpe:2.3:a:hitachienergy:unem:r15b:::::::* cpe:2.3:a:hitachienergy:unem:r16a:::::::* cpe:2.3:a:hitachienergy:unem:r16b:::::::*
Vendors & Products		Hitachienergy Hitachienergy foxman-un Hitachienergy unem

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2024-06-11T18:17:54.877Z

Updated: 2024-08-02T00:48:47.698Z

Reserved: 2024-02-29T13:42:00.746Z

Link: CVE-2024-28024

Vulnrichment

Updated: 2024-08-02T00:48:47.698Z

NVD

Status : Analyzed

Published: 2024-06-11T19:16:06.243

Modified: 2024-08-15T21:46:11.737

Link: CVE-2024-28024

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28024", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2024-02-29T13:42:00.746Z", "datePublished": "2024-06-11T18:17:54.877Z", "dateUpdated": "2024-08-02T00:48:47.698Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FOXMAN-UN", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "FOXMAN-UN R16B"}, {"status": "affected", "version": "FOXMAN-UN R15B"}, {"status": "affected", "version": "FOXMAN-UN R16A"}, {"status": "affected", "version": "FOXMAN-UN R15A"}]}, {"defaultStatus": "unaffected", "product": "UNEM", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "UNEM R16B"}, {"status": "affected", "version": "UNEM R15B"}, {"status": "affected", "version": "UNEM R16A"}, {"status": "affected", "version": "UNEM R15A"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere.\n\n"}], "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2024-06-12T16:05:54.877Z"}, "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true"}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "hitachi_energy", "product": "foxman-un", "cpes": ["cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "FOXMAN-UN R16B", "status": "affected"}, {"version": "FOXMAN-UN R15B", "status": "affected"}, {"version": "FOXMAN-UN R16A", "status": "affected"}, {"version": "FOXMAN-UN R15A", "status": "affected"}]}, {"vendor": "hitachi_energy", "product": "unem", "cpes": ["cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "UNEM R16B", "status": "affected"}, {"version": "UNEM R15B", "status": "affected"}, {"version": "UNEM R16A", "status": "affected"}, {"version": "UNEM R15A", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T20:22:36.317764Z", "id": "CVE-2024-28024", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:39:33.569Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:47.698Z"}, "title": "CVE Program Container", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true", "tags": ["x_transferred"]}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true", "tags": ["x_transferred"]}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:47.698Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T20:22:36.317764Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"], "vendor": "hitachi_energy", "product": "foxman-un", "versions": [{"status": "affected", "version": "FOXMAN-UN R16B"}, {"status": "affected", "version": "FOXMAN-UN R15B"}, {"status": "affected", "version": "FOXMAN-UN R16A"}, {"status": "affected", "version": "FOXMAN-UN R15A"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"], "vendor": "hitachi_energy", "product": "unem", "versions": [{"status": "affected", "version": "UNEM R16B"}, {"status": "affected", "version": "UNEM R15B"}, {"status": "affected", "version": "UNEM R16A"}, {"status": "affected", "version": "UNEM R15A"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:35:35.873Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "FOXMAN-UN", "versions": [{"status": "affected", "version": "FOXMAN-UN R16B"}, {"status": "affected", "version": "FOXMAN-UN R15B"}, {"status": "affected", "version": "FOXMAN-UN R16A"}, {"status": "affected", "version": "FOXMAN-UN R15A"}], "defaultStatus": "unaffected"}, {"vendor": "Hitachi Energy", "product": "UNEM", "versions": [{"status": "affected", "version": "UNEM R16B"}, {"status": "affected", "version": "UNEM R15B"}, {"status": "affected", "version": "UNEM R16A"}, {"status": "affected", "version": "UNEM R15A"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true"}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere.", "supportingMedia": [{"type": "text/html", "value": "\n\nA vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2024-06-12T16:05:54.877Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28024", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:47.698Z", "dateReserved": "2024-02-29T13:42:00.746Z", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "datePublished": "2024-06-11T18:17:54.877Z", "assignerShortName": "Hitachi Energy"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "A7593C74-2882-45D3-AB32-3A45E3AECAAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "47606044-296D-4561-B9DC-82659BC666F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7EE987B2-0620-44BB-AEA7-4E20CBE44822", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:*", "matchCriteriaId": "AE743C56-A17F-4FA7-9998-0C767E07518A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*", "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*", "matchCriteriaId": "C3168F38-7B9E-4F4D-B6D0-1BAFB5FE05F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*", "matchCriteriaId": "ADA6755A-0553-4246-B462-7580B080FDEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."}, {"lang": "es", "value": "Existe una vulnerabilidad en FOXMAN-UN/UNEM en la que informaci\u00f3n confidencial se almacena en texto plano dentro de un recurso que podr\u00eda ser accesible a otra esfera de control."}], "id": "CVE-2024-28024", "lastModified": "2024-08-15T21:46:11.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2024-06-11T19:16:06.243", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true"}, {"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}