All the vulnerabilites related to Hitachi Energy - FOX61x
cve-2021-40333
Vulnerability from cvelistv5
Published
2021-12-02 18:29
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
Weak default credential associated with TCP port 26
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hitachi Energy | FOX61x | |
| Hitachi Energy | XCM20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FOX61x",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "R15A",
"status": "affected",
"version": "R15A",
"versionType": "custom"
}
]
},
{
"product": "XCM20",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "R15A",
"status": "affected",
"version": "R15A",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-02T18:29:36",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak default credential associated with TCP port 26",
"workarounds": [
{
"lang": "en",
"value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
"ID": "CVE-2021-40333",
"STATE": "PUBLIC",
"TITLE": "Weak default credential associated with TCP port 26"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FOX61x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "R15A",
"version_value": "R15A"
}
]
}
},
{
"product_name": "XCM20",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "R15A",
"version_value": "R15A"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fixed in FOX61x R14A Hotfix or XMC20 R14A Hotfix\nFixed in FOX61x R15A or XMC20 R15A"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed (e.g., traffic to TCP port 26 should be blocked/dropped), and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-40333",
"datePublished": "2021-12-02T18:29:36.828706Z",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-09-17T00:15:37.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40334
Vulnerability from cvelistv5
Published
2021-12-02 18:28
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
SSH activation problem in the proprietary management protocol (port TCP 5558)
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hitachi Energy | FOX61x | |
| Hitachi Energy | XCM20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FOX61x",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "R15A",
"status": "affected",
"version": "R15A",
"versionType": "custom"
}
]
},
{
"product": "XCM20",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "R15A",
"status": "affected",
"version": "R15A",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-431",
"description": "CWE-431 Missing Handler",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-02T18:28:18",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"value": "Fixed in FOX61x R15A or XMC20 R15A"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSH activation problem in the proprietary management protocol (port TCP 5558)",
"workarounds": [
{
"lang": "en",
"value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
"ID": "CVE-2021-40334",
"STATE": "PUBLIC",
"TITLE": "SSH activation problem in the proprietary management protocol (port TCP 5558)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FOX61x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "R15A",
"version_value": "R15A"
}
]
}
},
{
"product_name": "XCM20",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "R15A",
"version_value": "R15A"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-431 Missing Handler"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"solution": [
{
"lang": "en",
"value": "Fixed in FOX61x R15A or XMC20 R15A"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2021-40334",
"datePublished": "2021-12-02T18:28:18.525907Z",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-09-16T23:11:57.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2461
Vulnerability from cvelistv5
Published
2024-06-11 12:57
Modified
2024-08-01 19:11
Severity ?
EPSS score ?
Summary
If exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessible
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hitachi Energy | FOX61x | |
| Hitachi Energy | XMC20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:58:39.472974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:58:58.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOX61x",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOX61x R15B",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
},
{
"status": "affected",
"version": "FOX61x R16A"
},
{
"status": "affected",
"version": "FOX61x R15A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XMC20",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
"versionType": "custom"
},
{
"status": "affected",
"version": "XMC20 R15B",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
"versionType": "custom"
},
{
"status": "affected",
"version": "XMC20 R16A",
"versionType": "custom"
},
{
"status": "affected",
"version": "XMC20 R15A",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
}
],
"value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T12:57:04.498Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2461",
"datePublished": "2024-06-11T12:57:04.498Z",
"dateReserved": "2024-03-14T17:09:59.168Z",
"dateUpdated": "2024-08-01T19:11:53.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2462
Vulnerability from cvelistv5
Published
2024-06-11 12:48
Modified
2024-08-01 19:11
Severity ?
EPSS score ?
Summary
Allow attackers to intercept or falsify data exchanges between the client
and the server
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi_energy:foxman-un:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "foxman-un",
"vendor": "hitachi_energy",
"versions": [
{
"lessThanOrEqual": "FOXMAN-UN R16B PC2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3"
},
{
"lessThanOrEqual": "FOXMAN-UN R15B PC4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R15B PC5"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:fox61x:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fox61x",
"vendor": "hitachi_energy",
"versions": [
{
"lessThan": "FOX61x R16B",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOX61x R16B"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:foxcst:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "foxcst",
"vendor": "hitachi_energy",
"versions": [
{
"lessThan": "FOXCST_16.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXCST_16.2.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:unem:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unem",
"vendor": "hitachi_energy",
"versions": [
{
"lessThanOrEqual": "UNEM R16B PC2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "UNEM R16B PC3"
},
{
"lessThanOrEqual": "UNEM R15B PC4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "UNEM R15B PC5"
},
{
"status": "affected",
"version": "UNEM R16A"
},
{
"status": "affected",
"version": "UNEM R15A"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:xmc20:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "xmc20",
"vendor": "hitachi_energy",
"versions": [
{
"status": "affected",
"version": "R16B"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi_energy:ecst:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ecst",
"vendor": "hitachi_energy",
"versions": [
{
"status": "affected",
"version": "ECST_16.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:31:01.584910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:06:16.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "FOXMAN-UN R16B PC2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"lessThanOrEqual": "FOXMAN-UN R15B PC4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FOX61x",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "FOX61x R16B",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOX61x R16B",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FOXCST",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThan": "FOXCST_16.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXCST_16.2.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "UNEM R16B PC2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"lessThanOrEqual": "UNEM R15B PC4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "UNEM R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R16A",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15A",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XMC20",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "R16B",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ECST",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "ECST_16.2.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server\n\n"
}
],
"value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T12:48:57.963Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2462",
"datePublished": "2024-06-11T12:48:57.963Z",
"dateReserved": "2024-03-14T17:09:59.755Z",
"dateUpdated": "2024-08-01T19:11:53.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}