Vulnerability identifier: #VU70768

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3927

CWE-ID: CWE-321

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FOXMAN-UN R16A
Server applications / Other server solutions
FOXMAN-UN R15B
Server applications / Other server solutions
FOXMAN-UN R15A
Server applications / Other server solutions
FOXMAN-UN R14B
Server applications / Other server solutions
FOXMAN-UN R14A
Server applications / Other server solutions
FOXMAN-UN R11B
Server applications / Other server solutions
FOXMAN-UN R11A
Server applications / Other server solutions
FOXMAN-UN R10C
Server applications / Other server solutions
FOXMAN-UN R9C
Server applications / Other server solutions

Vendor: Hitachi Energy

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected products contain public and private keys used to sign and protect custom parameter set (CPS) files from modification. A remote administrator can change the CPS file and sign it, so it is trusted as a legitimate CPS file.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FOXMAN-UN R16A: All versions

FOXMAN-UN R15B: All versions

FOXMAN-UN R15A: All versions

FOXMAN-UN R14B: All versions

FOXMAN-UN R14A: All versions

FOXMAN-UN R11B: All versions

FOXMAN-UN R11A: All versions

FOXMAN-UN R10C: All versions

FOXMAN-UN R9C: All versions

---

External links
http://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/uscert/ics/advisories/icsa-23-005-02

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.