Hitachi Energy FOXMAN-UN and UNEM Products

Monitor4ICS-CERT ICSA-23-178-01Jun 27, 2023

Attack VectorLocal

Auth RequiredHigh

ComplexityHigh

User InteractionRequired

Summary

Hitachi Energy FOXMAN-UN and UNEM products versions R16A through R9C contain an information disclosure vulnerability that could allow an attacker with local access and administrative credentials to read sensitive configuration or credential information. The vulnerability exists in improper logging or information handling mechanisms (CWE-117). FOXMAN-UN R16A and UNEM R16A have fixes available in upcoming R16B releases; all other versions (R15B and earlier) are end-of-life with no planned patches. Affected products are used for electrical network management and substation automation in energy infrastructure.

What this means

What could happen

An attacker with local access to FOXMAN-UN or UNEM devices could read sensitive configuration or credential data, potentially compromising the integrity of energy management systems.

Who's at risk

Electric utilities and energy operators using Hitachi Energy FOXMAN-UN or UNEM network management or substation automation products, particularly those running older versions (R15A and earlier) that no longer receive vendor support.

How it could be exploited

An attacker with local access to the device and elevated privileges could exploit improper logging or information disclosure to read sensitive files or configuration data. The attack requires physical proximity to the device and administrative credentials.

Prerequisites

Physical access to the device
High-privilege user account (administrative credentials)
Ability to interact with the device interface or file system
The device must be powered on and operational

No patch available for end-of-life versionsHigh-privilege requirement reduces immediate risk but affects administrative workflowsLow EPSS score suggests limited real-world exploitation likelihoodPhysical access requirement limits attack surface but affects insider threat risk

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (18)

18 pending

ProductAffected VersionsFix Status

FOXMAN-UN: R16AR16ANo fix yet

FOXMAN-UN: R15BR15BNo fix yet

FOXMAN-UN: R15AR15ANo fix yet

FOXMAN-UN: R14BR14BNo fix yet

FOXMAN-UN: R14AR14ANo fix yet

Remediation & Mitigation

0/8

Do now

0/4

HARDENINGImplement physical access controls to prevent unauthorized personnel from accessing FOXMAN-UN and UNEM devices

HARDENINGEnforce strong password policies and multi-factor authentication for administrative accounts on affected devices

WORKAROUNDRestrict network-based administrative access to FOXMAN-UN and UNEM devices; use air-gapped or VPN-based management only

HARDENINGDo not use FOXMAN-UN or UNEM devices for internet browsing, email, or messaging

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FOXMAN-UN R16A and R15B to FOXMAN-UN R16B when released by Hitachi Energy

HOTFIXUpgrade UNEM R16A and R15B to UNEM R16B when released by Hitachi Energy

Long-term hardening

0/2

HARDENINGIsolate process control networks containing FOXMAN-UN or UNEM devices from business networks and the internet using firewalls with minimal exposed ports

HARDENINGScan portable devices and removable storage for malware before connecting to control system networks

CVEs (1)

CVE-2023-1711

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1b45c663-7462-4d14-9c88-2c0c1a6ca208