9.8

CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions.





This issue affects 



  *  FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; 
  *  UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C.




List of CPEs: 
  *  cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HitachienergyFoxman-un Versionr9c
HitachienergyFoxman-un Versionr10c
HitachienergyFoxman-un Versionr11a
HitachienergyFoxman-un Versionr11b
HitachienergyFoxman-un Versionr14a
HitachienergyFoxman-un Versionr14b
HitachienergyFoxman-un Versionr15a
HitachienergyFoxman-un Versionr15b
HitachienergyFoxman-un Versionr16a
HitachienergyUnem Versionr9c
HitachienergyUnem Versionr10c
HitachienergyUnem Versionr11a
HitachienergyUnem Versionr11b
HitachienergyUnem Versionr14a
HitachienergyUnem Versionr14b
HitachienergyUnem Versionr15a
HitachienergyUnem Versionr15b
HitachienergyUnem Versionr16a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.333
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cybersecurity@hitachienergy.com 7.1 2.5 4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.