CVE-2021-40341

Weak DES encryption

Description

DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects  * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C;  * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs:  * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Remediation

Workaround:

  • The vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned). For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A, please refer to the Database contains credentials with weak encryption clause of section Mitigation Factors/Workarounds in the respective products' advisory. For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory * Secure the NMS CLIENT/SERVER communication.  * Embedded FOXCST with RADIUS authentication should be avoided.  * Database contains credentials with weak encryption.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory abb.com Vendor Advisory abb.com
Affected: Hitachi Energy FOXMAN-UN
Affected: Hitachi Energy UNEM
Published at:
Updated at:

References

Link Tags
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch mitigation vendor advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-40341?
CVE-2021-40341 has been scored as a high severity vulnerability.
How to fix CVE-2021-40341?
As a workaround for remediating CVE-2021-40341: The vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned). For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A, please refer to the Database contains credentials with weak encryption clause of section Mitigation Factors/Workarounds in the respective products' advisory. For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory * Secure the NMS CLIENT/SERVER communication.  * Embedded FOXCST with RADIUS authentication should be avoided.  * Database contains credentials with weak encryption.
Is CVE-2021-40341 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-40341 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-40341?
CVE-2021-40341 affects Hitachi Energy FOXMAN-UN, Hitachi Energy UNEM.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.