The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer
system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can
exploit this vulnerability by uploading a crafted ZIP archive via the
network to McFeeder’s service endpoint.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true | Vendor Advisory |
Configurations
History
08 Nov 2023, 20:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hitachienergy
Hitachienergy modular Advanced Control For Hvdc |
|
CPE | cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-22 | |
References | (MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true - Vendor Advisory |
01 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 03:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-2621
Mitre link : CVE-2023-2621
CVE.ORG link : CVE-2023-2621
JSON object : View
Products Affected
hitachienergy
- modular_advanced_control_for_hvdc
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')