Improper Output Neutralization for Logs in Hitachi Energy FOXMAN-UN and UNEM
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-1711 |
| CWE-ID | CWE-117 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
FOXMAN-UN Server applications / Other server solutions UNEM Server applications / Other server solutions |
| Vendor | Hitachi Energy |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Output Neutralization for Logs
EUVDB-ID: #VU77743
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1711
CWE-ID:
CWE-117 - Improper Output Neutralization for Logs
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper output neutralization for logs. A local administrator can forge log entries or inject malicious content into logs.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFOXMAN-UN: R9C - R16A
UNEM: R9C - R16A
External linkshttp://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000166&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-23-178-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
