#VU70768 Use of Hard-coded Cryptographic Key in Hitachi Energy products - CVE-2022-3927
Published: January 6, 2023
Vulnerability identifier: #VU70768
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2022-3927
CWE-ID: CWE-321
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FOXMAN-UN R16A
FOXMAN-UN R15B
FOXMAN-UN R15A
FOXMAN-UN R14B
FOXMAN-UN R14A
FOXMAN-UN R11B
FOXMAN-UN R11A
FOXMAN-UN R10C
FOXMAN-UN R9C
Software vendor:
Hitachi Energy
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists because the affected products contain the public and private keys used to sign custom parameter set (CPS) files and protect them from modification. A remote administrator can change a CPS file and sign it, so that it is trusted as a legitimate CPS file.
Remediation
Install updates from the vendor's website.