CVE-2023-2622

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*

History

08 Nov 2023, 20:02

Type	Values Removed	Values Added
References	~~(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true -~~	(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
First Time		Hitachienergy Hitachienergy modular Advanced Control For Hvdc

01 Nov 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-2622

Mitre link : CVE-2023-2622

CVE.ORG link : CVE-2023-2622

JSON object : View

Products Affected

hitachienergy

modular_advanced_control_for_hvdc

CWE

NVD-CWE-noinfo CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2023-2622", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2023-11-01T03:15:07.867", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"}, {"lang": "es", "value": "Los clientes autenticados pueden leer archivos arbitrarios en el sistema inform\u00e1tico PRINCIPAL mediante Remote Procedure Call (RPC) del endpoint del servicio InspectSetup. Luego, el cliente con privilegios bajos puede leer archivos arbitrarios para los que no tiene autorizaci\u00f3n."}], "lastModified": "2023-11-08T20:02:14.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "462D2B72-044A-40AB-85F5-A2E082E04D01", "versionEndIncluding": "7.18.0.0", "versionStartIncluding": "7.10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}