CVE-2023-5767

Published: Dec 4, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.

Affected (28)

Products: Hitachienergy: Rtu520 Firmware, Rtu530 Firmware, Rtu540 Firmware, Rtu560 Firmware

4 products

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu520 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu520 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu520 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu520 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu520 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu520 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu520 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu520	All versions

Configuration B

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu530 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu530 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu530 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu530 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu530 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu530 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu530 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu530	All versions

Configuration C

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu540 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu540 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu540 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu540 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu540 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu540 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu540 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu540	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Rtu560 Firmware	From 12.0.1 to 12.0.14
Hitachienergy Rtu560 Firmware	From 12.2.1 to 12.2.11
Hitachienergy Rtu560 Firmware	From 12.4.1 to 12.4.11
Hitachienergy Rtu560 Firmware	From 12.6.1 to 12.6.9
Hitachienergy Rtu560 Firmware	From 12.7.1 to 12.7.6
Hitachienergy Rtu560 Firmware	From 13.2.1 to 13.2.6
Hitachienergy Rtu560 Firmware	From 13.4.1 to 13.4.3

Running on/with	Platform Versions
Hitachienergy Rtu560	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true

Source: cybersecurity@hitachienergy.com

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.