CVE-2023-2625

🗓️ 28 Jun 2023 16:15:46Reported by Hitachi EnergyType

Vulnerability in CoreTec 4 allows authenticated client to inject shell commands

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-2625	28 Jun 202321:48	–	circl
CNNVD	Hitachi Energy TXpert Hub CoreTec 4 操作系统命令注入漏洞	28 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-2625	28 Jun 202316:15	–	cvelist
EUVD	EUVD-2023-34096	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2625	28 Jun 202317:15	–	nvd
Prion	Design/Logic Flaw	28 Jun 202317:15	–	prion
Positive Technologies	PT-2023-20563 · Coretec 4 · Coretec 4	28 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2625	23 May 202501:50	–	redhatcve
Vulnrichment	CVE-2023-2625	28 Jun 202316:15	–	vulnrichment

NVD

Node

abb txpert_hub_coretec_4_firmwareRange<3.0.1

AND

abb txpert_hub_coretec_4Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "TXpert Hub CoreTec 4",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "TXpert Hub CoreTec 4 version 2.0.*"
      },
      {
        "status": "affected",
        "version": "TXpert Hub CoreTec 4 version 2.1.*"
      },
      {
        "status": "affected",
        "version": "TXpert Hub CoreTec 4 version 2.2.*"
      },
      {
        "status": "affected",
        "version": "TXpert Hub CoreTec 4 version 2.3.*"
      },
      {
        "status": "affected",
        "version": "TXpert Hub CoreTec 4 version 2.4.*"
      },
      {
        "status": "unaffected",
        "version": "TXpert Hub CoreTec 4 version 3.0.1"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

21 Nov 2024 07:58Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18 - 9

EPSS0.00168

SSVC

CWE-78

cve-2023-2625 coretec 4 vulnerability authenticated client shell commands web user interface nvd