Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2022-3927

Disclosure Date: January 05, 2023
CVE-2022-3927 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The affected products store both public and private key that are used to sign and
protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change
the CPS file, sign it so that it is trusted as the legitimate CPS file.

This issue affects

  • FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;
  • UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.

List of CPEs:

  • cpe:2.3:a:hitachienergy:foxman-un:R15B:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R15A:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R14B:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R14A:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R11B:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R11A:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R10C:::::::*

  • cpe:2.3:a:hitachienergy:foxman-un:R9C:::::::*

  • cpe:2.3:a:hitachienergy:unem:R15B:::::::*

  • cpe:2.3:a:hitachienergy:unem:R15A:::::::*

  • cpe:2.3:a:hitachienergy:unem:R14B:::::::*

  • cpe:2.3:a:hitachienergy:unem:R14A:::::::*

  • cpe:2.3:a:hitachienergy:unem:R11B:::::::*

  • cpe:2.3:a:hitachienergy:unem:R11A:::::::*

  • cpe:2.3:a:hitachienergy:unem:R10C:::::::*

  • cpe:2.3:a:hitachienergy:unem:R9C:::::::*

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
FOXMAN-UN FOXMAN-UN R16A
FOXMAN-UN FOXMAN-UN R15B
FOXMAN-UN FOXMAN-UN R15A
FOXMAN-UN FOXMAN-UN R14B
FOXMAN-UN FOXMAN-UN R14A
FOXMAN-UN FOXMAN-UN R11B
FOXMAN-UN FOXMAN-UN R11A
FOXMAN-UN FOXMAN-UN R10C
FOXMAN-UN FOXMAN-UN R9C
UNEM UNEM R16A
UNEM UNEM R15B
UNEM UNEM R15A
UNEM UNEM R14B
UNEM UNEM R14A
UNEM UNEM R11B
UNEM UNEM R11A
UNEM UNEM R10C
UNEM UNEM R9C
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis