CVE-2023-5767

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu520_firmware::::::::

cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu530_firmware::::::::

cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu540_firmware::::::::

cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::
	cpe:2.3:o:hitachienergy:rtu560_firmware::::::::

cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*

History

07 Dec 2023, 17:54

Type	Values Removed	Values Added
First Time		Hitachienergy rtu530 Hitachienergy rtu560 Hitachienergy rtu540 Hitachienergy rtu520 Firmware Hitachienergy rtu540 Firmware Hitachienergy rtu560 Firmware Hitachienergy Hitachienergy rtu530 Firmware Hitachienergy rtu520
References	~~() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true -~~	() https://publisher.hitachienergy.com/preview?DocumentId=8DBD000176&languageCode=en&Preview=true - Vendor Advisory
CPE		cpe:2.3:o:hitachienergy:rtu560_firmware:::::::: cpe:2.3:h:hitachienergy:rtu520:-:::::::* cpe:2.3:h:hitachienergy:rtu560:-:::::::* cpe:2.3:o:hitachienergy:rtu530_firmware:::::::: cpe:2.3:h:hitachienergy:rtu530:-:::::::* cpe:2.3:o:hitachienergy:rtu540_firmware:::::::: cpe:2.3:h:hitachienergy:rtu540:-:::::::* cpe:2.3:o:hitachienergy:rtu520_firmware::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CWE		CWE-79

04 Dec 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-04 15:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-5767

Mitre link : CVE-2023-5767

CVE.ORG link : CVE-2023-5767

JSON object : View

Products Affected

hitachienergy

rtu540_firmware
rtu540
rtu530
rtu520
rtu530_firmware
rtu520_firmware
rtu560_firmware
rtu560

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10