CVE-2024-28022 MEDIUM

CVE-2024-28022

Vendor Hitachi Energy
Product FOXMAN-UN
Weakness CWE-307 · Brute force
Published June 11, 2024
Last update May 20, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.

Key dates

02Disclosure timeline

June 11, 2024 CVE published
May 20, 2025 Record updated