#VU70765 Inadequate Encryption Strength in Hitachi Energy Server applications
Vulnerability identifier: #VU70765
Vulnerability risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-326
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
FOXMAN-UN R16A
Server applications /
Other server solutions
FOXMAN-UN R15B
Server applications /
Other server solutions
FOXMAN-UN R15A
Server applications /
Other server solutions
FOXMAN-UN R14B
Server applications /
Other server solutions
FOXMAN-UN R14A
Server applications /
Other server solutions
FOXMAN-UN R11B
Server applications /
Other server solutions
FOXMAN-UN R11A
Server applications /
Other server solutions
FOXMAN-UN R10C
Server applications /
Other server solutions
FOXMAN-UN R9C
Server applications /
Other server solutions
Vendor: Hitachi Energy
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to inadequate encryption strength within the DES cypher. A local attacker can decrypt the cypher in a short time.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
FOXMAN-UN R16A: All versions
FOXMAN-UN R15B: All versions
FOXMAN-UN R15A: All versions
FOXMAN-UN R14B: All versions
FOXMAN-UN R14A: All versions
FOXMAN-UN R11B: All versions
FOXMAN-UN R11A: All versions
FOXMAN-UN R10C: All versions
FOXMAN-UN R9C: All versions
External links
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/uscert/ics/advisories/icsa-23-005-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
