CVE-2024-2012

CRITICAL

HitachiEnergy FOXMAN-UN/UNEM - Authentication Bypass and Remote Code Execution

Title source: llm

Description

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

References (1)

Core 1

Core References

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

Scores

CVSS v3 9.1

EPSS 0.0060

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-288

Status published

Products (8)

hitachienergy/foxman-un r15a

hitachienergy/foxman-un r15b pc4

hitachienergy/foxman-un r16a

hitachienergy/foxman-un r16b pc2

hitachienergy/unem r15a

hitachienergy/unem r15b pc4 (2 CPE variants)

hitachienergy/unem r16a

hitachienergy/unem r16b pc2

Published Jun 11, 2024

Tracked Since Feb 18, 2026