CVE-2024-28022
MEDIUM
Hitachi Energy FOXMAN-UN and UNEM - Improper Restriction of Excessive Authentication Attempts
Title source: llm
Description
A vulnerability exists in the UNEM server / APIGateway that, if exploited, allows a malicious user to perform an arbitrary number of authentication attempts using different passwords and eventually gain access to other components in the same security realm using the targeted account.
References (2)
Scores
CVSS v3
6.5
EPSS
0.0036
EPSS Percentile
27.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-307
Status
published
Products (8)
hitachienergy/foxman-un
r15a
hitachienergy/foxman-un
r15b
hitachienergy/foxman-un
r16a
hitachienergy/foxman-un
r16b
hitachienergy/unem
r15a
hitachienergy/unem
r15b
hitachienergy/unem
r16a
hitachienergy/unem
r16b
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026