Improper Output Neutralization for Logs in Hitachi Energy FOXMAN-UN and UNEM



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-1711
CWE-ID CWE-117
Exploitation vector Local
Public exploit N/A
Vulnerable software
 FOXMAN-UN
Server applications / Other server solutions

UNEM
Server applications / Other server solutions

Vendor Hitachi Energy

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper Output Neutralization for Logs

EUVDB-ID: #VU77743

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1711

CWE-ID: CWE-117 - Improper Output Neutralization for Logs

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper output neutralization for logs. A local administrator can forge log entries or inject malicious content into logs.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FOXMAN-UN: R9C - R16A

UNEM: R9C - R16A

CPE2.3 External links

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/news-events/ics-advisories/icsa-23-178-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###