Main Vulnerability Database Vulnerabilities #VU102879

#VU102879 Improper Restriction of Excessive Authentication Attempts in FOXMAN-UN and UNEM - CVE-2024-28022

Published: January 17, 2025 / Updated: January 17, 2025

Vulnerability identifier: #VU102879

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-28022

CWE-ID: CWE-307

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FOXMAN-UN
UNEM

Software vendor:
Hitachi Energy

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can conduct brute force attacks to gain access to other components in the same security realm using the targeted account.

Remediation

Install update from vendor's website.

External links

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-01