Lucene search

Hitachi EnergyCVE-2023-2622

HistoryNov 01, 2023 - 3:15 a.m.

CVE-2023-2622

2023-11-0103:15:07

CWE-668

Hitachi Energy

web.nvd.nist.gov

cve-2023-2622

authenticated clients

arbitrary file access

rpc

inspectsetup service

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

14.0%

JSON

Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote procedure call (RPC) of the InspectSetup
service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Affected configurations

Nvd

Node

hitachienergymodular_advanced_control_for_hvdcRange7.10.0.0–7.18.0.0

VendorProductVersionCPE
hitachienergymodular_advanced_control_for_hvdc*cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	modular_advanced_control_for_hvdc	*	cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MACH System Software",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "7.18.0.0",
        "status": "affected",
        "version": "7.10.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for CVE-2023-2622