CVE-2024-28022 - Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: LOW
CWE-307

Summary

A vulnerability exists in the UNEM server / APIGateway that, if exploited, allows a malicious user to perform an arbitrary number of authentication attempts using different passwords and eventually gain access to other components in the same security realm using the targeted account.