{"api_version":"1","generated_at":"2026-04-23T04:21:51+00:00","cve":"CVE-2022-3928","urls":{"html":"https://cve.report/CVE-2022-3928","api":"https://cve.report/api/cve/CVE-2022-3928.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3928","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3928"},"summary":{"title":"CVE-2022-3928","description":"Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*","state":"PUBLIC","assigner":"cybersecurity@hitachienergy.com","published_at":"2023-01-05 22:15:00","updated_at":"2023-11-07 03:51:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3928","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3928","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"3928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"foxman-un","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"unem","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachienergy","cpe5":"foxman-un","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3928","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachienergy","cpe5":"unem","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-3928","ASSIGNER":"cybersecurity@hitachienergy.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-798 Use of Hard-coded Credentials","cweId":"CWE-798"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Hitachi Energy","product":{"product_data":[{"product_name":"FOXMAN-UN","version":{"version_data":[{"version_value":"FOXMAN-UN R16A","version_affected":"!"},{"version_value":"FOXMAN-UN R15B","version_affected":"="},{"version_value":"FOXMAN-UN R15A","version_affected":"="},{"version_value":"FOXMAN-UN R14B","version_affected":"="},{"version_value":"FOXMAN-UN R14A","version_affected":"="},{"version_value":"FOXMAN-UN R11B","version_affected":"="},{"version_value":"FOXMAN-UN R11A","version_affected":"="},{"version_value":"FOXMAN-UN R10C","version_affected":"="},{"version_value":"FOXMAN-UN R9C","version_affected":"="}]}},{"product_name":"UNEM","version":{"version_data":[{"version_value":"UNEM R16A","version_affected":"!"},{"version_value":"UNEM R15B","version_affected":"="},{"version_value":"UNEM R15A","version_affected":"="},{"version_value":"UNEM R14B","version_affected":"="},{"version_value":"UNEM R14A","version_affected":"="},{"version_value":"UNEM R11B","version_affected":"="},{"version_value":"UNEM R11A","version_affected":"="},{"version_value":"UNEM R10C","version_affected":"="},{"version_value":"UNEM R9C","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","name":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch"},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","name":"https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"work_around":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory<br><ul><li>Secure the NMS CLIENT/SERVER communication.</li></ul>\n\n"}],"value":"\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n  *  Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n"}],"credits":[{"lang":"en","value":"K-Businessom AG, Austria"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-01-05 22:15:00","lastModifiedDate":"2023-11-07 03:51:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*","versionEndExcluding":"r16a","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*","versionEndExcluding":"r16a","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}