CVE-2023-5767

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*

History

07 Dec 2023, 17:54

Type Values Removed Values Added
First Time Hitachienergy rtu530
Hitachienergy rtu560
Hitachienergy rtu540
Hitachienergy rtu520 Firmware
Hitachienergy rtu540 Firmware
Hitachienergy rtu560 Firmware
Hitachienergy
Hitachienergy rtu530 Firmware
Hitachienergy rtu520
References () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true - () https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true - Vendor Advisory
CPE cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79

04 Dec 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 15:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5767

Mitre link : CVE-2023-5767

CVE.ORG link : CVE-2023-5767


JSON object : View

Products Affected

hitachienergy

  • rtu540_firmware
  • rtu540
  • rtu530
  • rtu520
  • rtu530_firmware
  • rtu520_firmware
  • rtu560_firmware
  • rtu560
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')