Vulnerabilities > Hitachienergy > Foxman UN > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-2013 | Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | 10.0 |
| 2024-06-11 | CVE-2024-2012 | Unspecified vulnerability in Hitachienergy Foxman-Un and Unem vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | 9.8 |
| 2024-06-11 | CVE-2024-2011 | Out-of-bounds Write vulnerability in Hitachienergy Foxman-Un and Unem A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | 9.8 |
| 2023-01-05 | CVE-2022-3929 | Cleartext Transmission of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. | 9.8 |
| 2023-01-05 | CVE-2022-3927 | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. | 9.8 |
| 2023-01-05 | CVE-2021-40342 | Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem In the DES implementation, the affected product versions use a default key for encryption. | 9.8 |