CVE-2022-3928 (GCVE-0-2022-3928)
Vulnerability from cvelistv5
Published
2023-01-05 21:50
Modified
2025-04-10 13:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.
This issue affects
* FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;
* UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.
List of CPEs:
* cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | FOXMAN-UN |
Version: FOXMAN-UN R15B Version: FOXMAN-UN R15A Version: FOXMAN-UN R14B Version: FOXMAN-UN R14A Version: FOXMAN-UN R11B Version: FOXMAN-UN R11A Version: FOXMAN-UN R10C Version: FOXMAN-UN R9C |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:51:36.387546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:51:45.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "FOXMAN-UN R16A"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A"
},
{
"status": "affected",
"version": "FOXMAN-UN R14B"
},
{
"status": "affected",
"version": "FOXMAN-UN R14A"
},
{
"status": "affected",
"version": "FOXMAN-UN R11B"
},
{
"status": "affected",
"version": "FOXMAN-UN R11A"
},
{
"status": "affected",
"version": "FOXMAN-UN R10C"
},
{
"status": "affected",
"version": "FOXMAN-UN R9C"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "unaffected",
"version": "UNEM R16A"
},
{
"status": "affected",
"version": "UNEM R15B"
},
{
"status": "affected",
"version": "UNEM R15A"
},
{
"status": "affected",
"version": "UNEM R14B"
},
{
"status": "affected",
"version": "UNEM R14A"
},
{
"status": "affected",
"version": "UNEM R11B"
},
{
"status": "affected",
"version": "UNEM R11A"
},
{
"status": "affected",
"version": "UNEM R10C"
},
{
"status": "affected",
"version": "UNEM R9C"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "K-Businessom AG, Austria"
}
],
"datePublic": "2022-12-13T13:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\n\n\n\nThis issue affects \n\n\n\n * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \n * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\n\n\n\n\nList of CPEs: \n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-05T21:50:47.595Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hardcoded credential is found in the message queue",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3928",
"datePublished": "2023-01-05T21:50:47.595Z",
"dateReserved": "2022-11-10T14:48:35.829Z",
"dateUpdated": "2025-04-10T13:51:45.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3928\",\"sourceIdentifier\":\"cybersecurity@hitachienergy.com\",\"published\":\"2023-01-05T22:15:09.373\",\"lastModified\":\"2024-11-21T07:20:33.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\\n\\n\\n\\nThis issue affects \\n\\n\\n\\n * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \\n * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\\n\\n\\n\\n\\nList of CPEs: \\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\\n\\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\\n\\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\\n\\n\\n\\n\\n\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"La credencial codificada se encuentra en la cola de mensajes de los productos afectados. Un atacante que logre explotar esta vulnerabilidad podr\u00e1 acceder a los datos de la cola de mensajes interna. Este problema afecta a:\\n * Productos FOXMAN-UN: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \\n * Productos UNEM: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\\n\\nLista de CPEs: \\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cybersecurity@hitachienergy.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r16a\",\"matchCriteriaId\":\"73A42F39-F15F-41AE-BFE9-C4ACED6B715D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"r16a\",\"matchCriteriaId\":\"5C32E48B-250D-4811-9130-3499C4DBE04A\"}]}]}],\"references\":[{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@hitachienergy.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"cybersecurity@hitachienergy.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:27:54.113Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3928\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-10T13:51:36.387546Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-10T13:51:41.466Z\"}}], \"cna\": {\"title\": \"Hardcoded credential is found in the message queue\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"K-Businessom AG, Austria\"}], \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Energy\", \"product\": \"FOXMAN-UN\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"FOXMAN-UN R16A\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R15B\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R15A\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R14B\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R14A\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R11B\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R11A\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R10C\"}, {\"status\": \"affected\", \"version\": \"FOXMAN-UN R9C\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Hitachi Energy\", \"product\": \"UNEM\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"UNEM R16A\"}, {\"status\": \"affected\", \"version\": \"UNEM R15B\"}, {\"status\": \"affected\", \"version\": \"UNEM R15A\"}, {\"status\": \"affected\", \"version\": \"UNEM R14B\"}, {\"status\": \"affected\", \"version\": \"UNEM R14A\"}, {\"status\": \"affected\", \"version\": \"UNEM R11B\"}, {\"status\": \"affected\", \"version\": \"UNEM R11A\"}, {\"status\": \"affected\", \"version\": \"UNEM R10C\"}, {\"status\": \"affected\", \"version\": \"UNEM R9C\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-12-13T13:30:00.000Z\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\"}, {\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"\\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\\n * Secure the NMS CLIENT/SERVER communication.\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\u003cbr\u003e\u003cul\u003e\u003cli\u003eSecure the NMS CLIENT/SERVER communication.\u003c/li\u003e\u003c/ul\u003e\\n\\n\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\\n\\n\\n\\nThis issue affects \\n\\n\\n\\n * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \\n * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\\n\\n\\n\\n\\nList of CPEs: \\n * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\\n\\n * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\\n\\n * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\\n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\\n\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nHardcoded credential is found in affected products\u0027 message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue.\u003cp\u003e\\n\\n\u003c/p\u003e\u003cp\u003eThis issue affects \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; \u003c/li\u003e\u003cli\u003eUNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eList of CPEs: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ecpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ecpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*\u003c/li\u003e\u003cli\u003ecpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"shortName\": \"Hitachi Energy\", \"dateUpdated\": \"2023-01-05T21:50:47.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-3928\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-10T13:51:45.488Z\", \"dateReserved\": \"2022-11-10T14:48:35.829Z\", \"assignerOrgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"datePublished\": \"2023-01-05T21:50:47.595Z\", \"assignerShortName\": \"Hitachi Energy\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…