CVE-2023-4816

Published: Sep 11, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

Affected (2)

Products: Hitachienergy: Asset Suite

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hitachienergy Asset Suite	Up to 9.6.3.11.1
Hitachienergy Asset Suite	Version 9.6.4

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.