
DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-7940 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600
The product exposes a service that is intended for local use only to all network interfaces without any authentication.
network
low complexity
hitachienergy CWE-306
critical
9.8
2024-06-11 CVE-2024-2011 Out-of-bounds Write vulnerability in Hitachienergy Foxman-Un and Unem
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that, if exploited, will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
network
low complexity
hitachienergy CWE-787
critical
9.8
2024-06-11 CVE-2024-2012 Unspecified vulnerability in Hitachienergy Foxman-Un and Unem
A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, could allow an attacker to execute unintended commands or code on the UNEM server, allowing sensitive data to be read or modified, or could cause other unintended behavior.
network
low complexity
hitachienergy
critical
9.8
2024-06-11 CVE-2024-2013 Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that, if exploited, allows attackers without any access to interact with the services and the post-authentication attack surface.
network
low complexity
hitachienergy CWE-306
critical
10.0
2023-03-28 CVE-2022-3686 Unspecified vulnerability in Hitachienergy Sdm600
A vulnerability exists in an SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests; the SDM600 web services become busy, rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr.
network
low complexity
hitachienergy
critical
9.1
2023-01-05 CVE-2021-40342 Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem
In the DES implementation, the affected product versions use a default key for encryption.
network
low complexity
hitachienergy CWE-287
critical
9.8
2023-01-05 CVE-2022-3927 Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem
The affected products store both the public and private keys that are used to sign and protect a Custom Parameter Set (CPS) file from modification.
network
low complexity
hitachienergy CWE-798
critical
9.8
2023-01-05 CVE-2022-3929 Cleartext Transmission of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem
Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP.
network
low complexity
hitachienergy CWE-319
critical
9.8
2020-04-29 CVE-2019-5620 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada PRO Sys600 9.3
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
network
low complexity
hitachienergy CWE-306
critical
9.8
2019-11-27 CVE-2019-18253 Path Traversal vulnerability in Hitachienergy Relion 670 Firmware
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
network
low complexity
hitachienergy CWE-22
critical
10.0