CVE-2022-3927

Name of the Vulnerable Software and Affected Versions FOXMAN-UN versions R9C through R15B UNEM versions R9C through R15B

Description The affected products store both public and private keys used to sign and protect Custom Parameter Set (CPS) files from modification. An attacker who exploits this issue can change the CPS file and sign it to make it appear as the legitimate CPS file.

Recommendations For FOXMAN-UN versions R9C through R15B, consider disabling the signing functionality for CPS files until a patch is available. For UNEM versions R9C through R15B, restrict access to the CPS file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.