CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
14.0%
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
Vendor | Product | Version | CPE |
---|---|---|---|
hitachienergy | modular_advanced_control_for_hvdc | * | cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "MACH System Software",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "7.18.0.0",
"status": "affected",
"version": "7.10.0.0",
"versionType": "custom"
}
]
}
]