CRITICAL🇵🇱 Wersja polska

CVE-2024-2013

CVSS 10.0v3.1pub. 2024-06-11upd. 2024-11-21

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.

🤖 AI Analysis
How it works

The vulnerability (CWE-288, CWE-306) lies in the ability to bypass authentication mechanisms in the server or API Gateway layer. An attacker without any credentials can directly interact with internal system services that normally require authorization. The maximum CVSS score of 10.0 with a network vector (AV:N), no required privileges (PR:N), and no user interaction (UI:N) indicates full remote exploitability.

Impact

An attacker can gain unauthorized access to the entire scope of functionality available after authentication, potentially leading to disclosure of sensitive data, modification of configuration, or disruption of the power grid management system.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true). Until the fix is implemented, it is recommended to restrict network access to the API Gateway component only to trusted hosts and apply additional access control mechanisms at the firewall level.

Who is affected

Hitachi Energy FOXMAN-UN and UNEM products — versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Hitachienergy Foxman Un

    APP
    Hitachienergy
    r15ar15br16ar16b
  • Hitachienergy Unem

    APP
    Hitachienergy
    r15ar15br16b
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-2012CRITICAL9.1PL ✓ten sam produkt

RCE w serwerze/API Gateway Hitachi Energy FOXMAN-UN/UNEM

CVE-2024-28021HIGH7.4ten sam produkt

A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate...

CVE-2024-2011HIGH8.6ten sam produkt

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead ...

CVE-2024-28020HIGH8.0ten sam produkt

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploit...

CVE-2022-3927HIGH8.0ten sam produkt

The affected products store both public and private key that are used to sign and protect Custom Parameter Se...