CVE-2023-2622

Published: Nov 1, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Affected (1)

Products: Hitachienergy: Modular Advanced Control For Hvdc

1 product

Modular Advanced Control For Hvdc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hitachienergy Modular Advanced Control For Hvdc	From 7.10.0.0 to 7.18.0.0

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.