Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-12 | CVE-2022-2155 | Incorrect Authorization vulnerability in Hitachienergy Lumada Asset Performance Management A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. | 7.1 |
| 2023-01-05 | CVE-2021-40341 | Inadequate Encryption Strength vulnerability in Hitachienergy Foxman-Un and Unem DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. | 5.5 |
| 2023-01-05 | CVE-2021-40342 | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem In the DES implementation, the affected product versions use a default key for encryption. | 9.8 |
| 2023-01-05 | CVE-2022-3927 | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. | 9.8 |
| 2023-01-05 | CVE-2022-3928 | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem Hardcoded credential is found in affected products' message queue. | 5.5 |
| 2023-01-05 | CVE-2022-3929 | Cleartext Transmission of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. | 9.8 |
| 2022-11-22 | CVE-2022-2513 | Cleartext Storage of Sensitive Information vulnerability in Hitachienergy products A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. | 5.5 |
| 2022-11-21 | CVE-2022-3388 | Improper Input Validation vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. | 7.8 |
| 2022-09-14 | CVE-2022-1778 | Classic Buffer Overflow vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. | 4.4 |
| 2022-09-14 | CVE-2022-29492 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |