Request a Demo
Rewterz
Rewterz Threat Advisory –Multiple Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities
January 16, 2023
Rewterz
Rewterz Threat Advisory – ICS: Siemens JT Open Toolkit, JT Utilities, and Solid Edge Vulnerability
January 16, 2023

Rewterz Threat Advisory – ICS: Multiple Hitachi Energy Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-2155 CVSS:5.7

Hitachi Energy Lumada APM could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the access control mechanism implementation on the Limited Engineer role. By sending a specially crafted request, an attacker could exploit this vulnerability to access to any installed Power BI reports and manipulate asset data.

CVE-2022-3929 CVSS:8.3

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by cleartext transmission of sensitive information. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-40342 CVSS:7.1

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by using a DES implementation with a default key for encryption. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-40341 CVSS:7.1

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by using the DES cypher to encrypt user credentials. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-3927 CVSS:8

Hitachi Energy FOXMAN-UN and UNEM could provide weaker than expected security, caused by the use of hard-coded cryptographic Key. A remote authenticated attacker could exploit this vulnerability to change the CPS file and sign it.

Impact

  • Security Bypass
  • Information Disclosure
  • Data Manipulation

Indicators Of Compromise

CVE

  • CVE-2022-2155
  • CVE-2022-3929
  • CVE-2021-40342
  • CVE-2021-40341
  • CVE-2022-3927

Affected Vendors

Hitachi Energy

Affected Products

  • Hitachi Energy Lumada APM 6.4.220601.0 SaaS
  • Hitachi Energy Lumada APM 6.4.0 On Premises
  • Hitachi Energy FOXMAN-UN R16AHitachi Energy FOXMAN-UN R15B
  • Hitachi Energy FOXMAN-UN R15AHitachi Energy FOXMAN-UN R14B
  • Hitachi Energy UNEM R9CHitachi Energy UNEM R15A
  • Hitachi Energy UNEM R10CHitachi Energy UNEM R11B
  • Hitachi Energy UNEM R14AHitachi Energy UNEM R11A
  • Hitachi Energy UNEM R14BHitachi Energy UNEM R15B
  • Hitachi Energy UNEM R16AHitachi Energy FOXMAN-UN R9C
  • Hitachi Energy FOXMAN-UN R10CHitachi Energy FOXMAN-UN R11A
  • Hitachi Energy FOXMAN-UN R11BHitachi Energy FOXMAN-UN R14A

Remediation

Refer to Hitachi Energy Advisory for patch, upgrade or suggested workaround information.

Hitachi Energy Lumada APM

Hitachi Energy FOXMAN-UN and Hitachi Energy UNEM