CVE-2023-1711

Improper Encoding or Escaping of Output (CWE-116)

Published: May 30, 2023 / Updated: 17mo ago

CVSS 4.4 | EPSS 0.05% | Medium

A vulnerability exists in a FOXMAN-UN and UNEM logging component; it only affects systems that use remote authentication to the network elements. If exploited, an attacker could obtain confidential information.

List of CPEs:

* cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:*

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2023-1711.

May 30, 2023 at 7:06 PM / cve.report

Affected Systems

Hitachienergy/foxman-un

Patches

search.abb.com

Links to MITRE ATT&CK

T1070: Indicator Removal on Host

Attack Patterns

CAPEC-104: Cross Zone Scripting

News

Improper Output Neutralization for Logs in Hitachi Energy FOXMAN-UN and UNEM
Number of vulnerabilities: 1; CVE-ID: CVE-2023-1711; CWE-ID: CWE-117.
ESB-2023.3676 - [Appliance] Hitachi Energy FOXMAN-UN and UNEM Products: CVSS (Max): 4.0
AUSCERT External Security Bulletin Redistribution. ESB-2023.3676: ICS Advisory ICSA-23-178-01, Hitachi Energy FOXMAN-UN and UNEM Products, 28 June 2023. AusCERT Security Bulletin Summary: Product: Hitachi Energy FOXMAN-UN and UNEM Products; Publisher: ICS-CERT; Operating System: Network Appliance; Resolution: Mitigation; CVE Names: CVE-2023-1711; Original Bulletin: https://www.cisa.gov/news-events/ics-advisories/icsa-23-178-01; Comment: CVSS (Max):
ESB-2023.3676 - [Appliance] Hitachi Energy FOXMAN-UN and UNEM Products: CVSS (Max): 4.0
Hitachi Energy recommends the following general mitigation factors and security practices: o Configure firewalls to protect process control networks from attacks originating from outside the network. 4. MITIGATIONS Recommended Mitigations for the following FOXMAN-UN and UNEM products: o FOXMAN-UN: Version R16A, update to FOXMAN-UN R16B when released or apply general mitigation factors.
Hitachi Energy FOXMAN-UN and UNEM Products
1. EXECUTIVE SUMMARY: CVSS v3 4.0; ATTENTION: High attack complexity; Vendor: Hitachi Energy; Equipment: FOXMAN-UN, UNEM Products; Vulnerability: Improper Output Neutralization for Logs. 2. RISK EVALUATION: Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: FOXMAN-UN:
Hitachi Energy FOXMAN-UN and UNEM Products
The following versions of FOXMAN-UN and UNEM, network management system toolsets, are affected: Recommended Mitigations for the following FOXMAN-UN and UNEM products:

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
