CVE-2022-3927

EUVD-2022-43261

05.01.2023, 22:15

The affected products store both public and private key that are used to sign and
protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change
the CPS file, sign it so that it is trusted as the legitimate CPS file.








This issue affects 



  *  FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; 
  *  UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.




List of CPEs: 
  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*

  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*

  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Hitachi Energy	CNA	8 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Affected Products (NVD)

Vendor	Product	Version
hitachienergy	foxman-un	𝑥 < r16a
hitachienergy	unem	𝑥 < r16a

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch