CVE-2023-5514

Published: Nov 1, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.

Affected (1)

Products: Hitachienergy: Esoms

Hitachienergy

1 product

Esoms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hitachienergy Esoms	Up to 6.3.13

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000175&languageCode=en&Preview=true

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.