CVE-2023-2622

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true	Vendor Advisory
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:58

Type	Values Removed	Values Added
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true - Vendor Advisory~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 2.7

08 Nov 2023, 20:02

Type	Values Removed	Values Added
References	~~(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true -~~	(MISC) https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true - Vendor Advisory
First Time		Hitachienergy Hitachienergy modular Advanced Control For Hvdc
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

01 Nov 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 03:15

Updated : 2024-11-21 07:58

NVD link : CVE-2023-2622

Mitre link : CVE-2023-2622

CVE.ORG link : CVE-2023-2622

JSON object : View

Products Affected

hitachienergy

modular_advanced_control_for_hvdc

CWE

CWE-668

Exposure of Resource to Wrong Sphere

NVD-CWE-noinfo

{"id": "CVE-2023-2622", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-11-01T03:15:07.867", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}, {"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"}, {"lang": "es", "value": "Los clientes autenticados pueden leer archivos arbitrarios en el sistema inform\u00e1tico PRINCIPAL mediante Remote Procedure Call (RPC) del endpoint del servicio InspectSetup. Luego, el cliente con privilegios bajos puede leer archivos arbitrarios para los que no tiene autorizaci\u00f3n."}], "lastModified": "2024-11-21T07:58:57.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:modular_advanced_control_for_hvdc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "462D2B72-044A-40AB-85F5-A2E082E04D01", "versionEndIncluding": "7.18.0.0", "versionStartIncluding": "7.10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}